Tough weekend for AV giants as FPs and DNS issues hit

Posted by   Virus Bulletin on   Sep 10, 2008

Trend false alert cripples users' systems, Sophos sites taken out by DNS mixup.

Two of the larger security firms, Trend Micro and Sophos, had a busy weekend cleaning up after troubles hit them on Friday. Trend Micro released a pair of signature updates which led to its products erroneously identifying several Windows system files as malware, resulting in some systems becoming unusable. Meanwhile, some Sophos customers were left unable to access updates thanks to DNS problems which impacted access to the firm's websites for up to 48 hours.

The Trend false positive resulted from a pair of faulty definitions, and hit XP and Vista users around the world. An update to fix the problem was released promptly on Friday, but not in time for some, who found their systems frozen as access to the required DLL and Javascript files was denied by the security software.

Although the exact number of customers affected remains unclear, one correspondent told ComputerWorld the Trend support lines were overflowing with demands for assistance. The incident is not thought to be as major as one suffered by Trend three years ago, which severely affected many users in Trend's home market of Japan and led to public apologies from the Trend board. More details and comment on the recent problems are in ComputerWorld here or The Register here, with an official support article at Trend here.

Sophos users found access to some of the company's websites, including those used to provide security updates, interrupted after what was apparently an error made by an external DNS management company. The slip meant that the sophos.com domain was unreachable for a time, although local versions of the site were unaffected. Even once the problem had been spotted and fixed, users in some areas continued to have problems into the weekend as the changes propagated.

Sophos issued statements making it clear that the problems were not the results of any malicious activity, and reassuring customers that updates would be caught up with as soon as the DNS changes settled in. The advisory is on the Sophos site here.

Posted on 10 September 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

New article: Dissecting the design and vulnerabilities in AZORult C&C panels

In a new article, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.