Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Symantec pattern fires on Spybot Search & Destroy 1.3

Published: 2007-05-31
Last Updated: 2007-05-31 19:09:25 UTC
by Maarten Van Horenbeeck (Version: 1)
0 comment(s)

We have received a couple of reports that Symantec Antivirus triggers on the file 'blindman.exe', part of the SpyBot Search & Destroy package. Apparently only the file included with version 1.3 was detected as a trojan, not the one included with the more recent version 1.4

Symantec has confirmed this issue occurred in the 05/30/2007 rev.020 Intelligence Update and LiveUpdate definitions. They've made available Rapid Release definition build 69173 (extended version 05/30/2007 rev. 035) to resolve the issue. LiveUpdate definitions that correct the issue were also published, version 90530ao (Sequence number: 69179; extended version 05/30/2007 rev.041).

Thanks to Matt and Scott for reporting the issue, and Symantec for their fast response.

0 comment(s)
Diary Archives