When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee







  • So Symantec and McAfee are not surprises at all, these have been considered jokes of security products for forever. Symantec is the brand behind Norton and that's often considered to be malware itself. The US AV market has been heavily depending on FUD to scare people away from foreign AV companies (the "red scare" of Kaspersky anyone?) McAfee is made by Intel who has made a reputation recently in security blunders with their chips. That those two are listed is about the least surprising thing ever. TM is more surprising, but mostly because they tend to stay out of the limelight more than anything.



  • Of course, AV vendors are huge targets, if you are going to hack someone, who better? And Symantec and McAfee are not just AV vendors, but the industry leading bloatware vendors so they pay to have their bloatware included in nearly every new Windows computer sold. So not only are they big targets because they are AV companies, but they are the top bloatware companies, too.

    And, of course, these are vendors, because of their bloatware and industry pariah stance, that tend to flag customers running them as "low hanging fruit" targets. If you have either of these installed, you are very likely not cleaning up other bloatware, tend to miss malware installs, just generally not maintaining your environments or are easily persuaded to buy expensive things by sales people without evaluating your needs. Bottom line, if you are a cyber criminal, getting access to these vendors is a huge win, in so many ways.



  • @scottalanmiller said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

    So Symantec and McAfee are not surprises at all, these have been considered jokes of security products for forever. Symantec is the brand behind Norton and that's often considered to be malware itself. The US AV market has been heavily depending on FUD to scare people away from foreign AV companies (the "red scare" of Kaspersky anyone?) McAfee is made by Intel who has made a reputation recently in security blunders with their chips. That those two are listed is about the least surprising thing ever. TM is more surprising, but mostly because they tend to stay out of the limelight more than anything.

    So, what does it mean?
    Antivirus companies - so they have access to a bunch of data now, but what else?



  • @WrCombs said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

    Antivirus companies - so they have access to a bunch of data now, but what else?

    That we don't know, or if we do, I've not seen it in the article yet. Here is what it says at the top:

    "Fxmsp hacker group claiming access to the networks and source code of three antivirus companies with offices in the U.S. generated statements from alleged victims that are disputed by the firm that sounded the alarm."

    If they have accessed the networks, and seen the source code, we have a few fears. Primarily:

    1. They have seen the skeletons in the closet of closed source software. Closed source software is inherently insecure as it relies on security through obscurity rather than open code reviews and "many eyes" to find bugs, backdoors, and other insecurities. If that source code is compromised, that means that malicious third parties now have all the inside secrets to that software while the good guys do not. So they potentially know all kinds of vulnerabilities that have thus far been secrets.

    2. They might have modified the source code putting in malicious attacks right into the products. We don't have a specific reason to believe that they would have done this other than it is the obvious top prize to be had in an attack of this nature. If they did this then the degree of risk could be insane (for people installing that crap.) It means that basically every major computer vendor might be pushing out full-blown malware as default bloatware!



  • @WrCombs said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

    Antivirus companies - so they have access to a bunch of data now, but what else?

    A lot! Maybe



  • @scottalanmiller said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

    1. They might have modified the source code putting in malicious attacks right into the products. We don't have a specific reason to believe that they would have done this other than it is the obvious top prize to be had in an attack of this nature. If they did this then the degree of risk could be insane (for people installing that crap.) It means that basically every major computer vendor might be pushing out full-blown malware as default bloatware!

    This is sorta what happened to CCleaner (OK, it was a website redirection attack, but the end result was the same - compromised code looking like CCleaner being installed).
    I can't recall if the bad CCleaner was signed or not?



  • @Dashrender said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

    This is sorta what happened to CCleaner (OK, it was a website redirection attack, but the end result was the same - compromised code looking like CCleaner being installed).

    That's not even "sort of" like this. Not in the least.



  • @Dashrender said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

    I can't recall if the bad CCleaner was signed or not?

    Even if it was, that would be a Microsoft compromise. This is about the AV vendors getting hacked.