[2261] in Security FYI
[IS&T Security-FYI] Special Issue: SFYI Newsletter, April 22, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Thu Apr 22 14:27:51 2010
Message-Id: <52C73669-77CC-48FA-885A-914ADF25F957@mit.edu>
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi@MIT.EDU
Date: Thu, 22 Apr 2010 14:26:50 -0400
Cc: itss@MIT.EDU

McAfee Virus Update File Causes Problems

Because of the Monday holiday, this week's regular Monday issue of
SFYI was skipped, but there was one piece of news from this week
prompting this special issue.

Yesterday morning (April 21) the 5958 DAT file from McAfee (the
software company that produces the anti-virus tool VirusScan
Enterprise for Windows and Security 1.0 for Macintosh) caused a false
positive virus detection on Windows XP computers running Service Pack
3, quarantining the svchost.exe file on affected systems. This caused
computers to crash, made them unable to reboot or led to a Blue Screen
of Death.

McAfee quickly removed the offending file just hours after the
discovery and promptly issued information and a SuperDAT Remediation
Tool to address the problem on computers that had already received the
downloaded file. The tool can be run on affected machines to restore
the svchost.exe file. The remediation instructions are linked below
and I recommend you ask an IT professional to assist you with them.

The issue was also resolved in the 5959 DAT file released by McAfee
the same day, which can also be downloaded from their site.

Those who might take this news as a deterrent to using virus
protection software need to remember that in spite of the problems
caused by this incident, not having virus protection on your computer
will lead to a worse outcome. Virus protection software engineers are
daily and often hourly fighting the new waves of malware being
released on the Internet. Their battle never slows down and they must
respond instantly to new viruses or expose their customers to zero-day
attacks (attacks that can make it through vulnerabilities in software
which has not had enough time to be patched). McAfee and other
anti-virus software vendors have had this problem with update files
occur more than once in the past and it will likely happen again.

A full story of the problem that occurred:
<http://www.cnn.com/2010/TECH/04/22/cnet.mcafee.antivirus.bug/>

Details for remediation:
<https://kc.mcafee.com/corporate/index?page=content&id=KB68780>

Information on the issue is also available in the MIT knowledgebase
Hermes:
<http://kb.mit.edu/confluence/x/W4Vh>

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security