Thanks WinOSCentral.
A group of German hackers has exposed a vulnerability in Symantec's software for updating antivirus software and other programs, which could be used to download and run hostile code from an unauthorized server.
Symantec, which makes antivirus and security software, has confirmed that older versions of its virus definition software leave systems running version 1.4 of LiveUpdate open to malicious programs such as Trojan horses and to remote penetration. The risk of unauthorized intrusion is lower on systems running the latest version, 1.6, but network degradation and outages are still possible.
German hacking group Phenoelit spotted the security hole and insists that LiveUpdate could be forced to download illicit programs onto the PC. "When LiveUpdate 1.4 is started (either by hand or by a scheduled task), it looks for the server 'update.symantec.com'," states the Phenoelit bulletin. "An attacker can use one of several attacks to return false information to the querying host."
According to the Phenoelit alert, when the host running LiveUpdate tries to connect to update.symantec.com via FTP, it is possible for an attacker to redirect the request to a server of their choice.
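A defender-side check for the redirection described above, added here as an example (it is not from Phenoelit, Symantec or the original article): it scans DNS answer logs for update.symantec.com and flags any answer outside the networks the update server is expected to resolve to. The log format, the function name and the expected networks (RFC 5737 documentation ranges used as placeholders) are assumptions.

```python
import ipaddress

UPDATE_HOST = "update.symantec.com"

# Assumption: networks the update host should resolve to. This is an RFC 5737
# documentation range used as a placeholder, not a real Symantec address block.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed DNS answer log: "<timestamp> <client> <qname> <type> <answer>"
SAMPLE_LOG = """\
2001-10-05T08:00:01Z 10.0.0.21 update.symantec.com A 192.0.2.10
2001-10-05T08:00:04Z 10.0.0.22 UPDATE.SYMANTEC.COM. A 198.51.100.66
2001-10-05T08:00:09Z 10.0.0.23 www.example.org A 203.0.113.5
2001-10-05T08:00:12Z 10.0.0.24 update.symantec.com CNAME mirror.example.net
2001-10-05T08:00:15Z 10.0.0.25 update.symantec.com A not-an-ip
"""


def suspicious_answers(log_text, host=UPDATE_HOST, expected=EXPECTED_NETS):
    """Return (client, answer, reason) for answers to `host` worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        _, client, qname, rtype, answer = fields
        # DNS names are case-insensitive and may carry a trailing root dot.
        if qname.rstrip(".").lower() != host:
            continue
        if rtype not in ("A", "AAAA"):
            findings.append((client, answer, "non-address answer, review target"))
            continue
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            findings.append((client, answer, "malformed address"))
            continue
        if not any(addr in net for net in expected):
            findings.append((client, answer, "address outside expected networks"))
    return findings


if __name__ == "__main__":
    for client, answer, reason in suspicious_answers(SAMPLE_LOG):
        print(f"{client} got {answer}: {reason}")
```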