- Jan 8, 2017
- 1,320
Symantec, McAfee and Trend Micro: Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
Hackers Breached 3 US Antivirus Companies
- Thread starter upnorth
- Start date
- Status
Clearly lateral movement within these networks was not guarded. That's actually incredibly lame for security computers... Also, many (including myself) have advocated here a form of security through obscurity.
That often, it isn't wise to use what everyone else, or even a significant portion of people use. Especially if that usage places you in the company of targets - that is a product many targeted people (for whatever reason) would themselves use. As that fact would increase the threat surface of the product and everyone using it. If you think AV companies can contain their code and maintain secrecy and safety you are wrong. Not even Kaspersky can do that as we found out in a serious of breaches of them as well.
So using an AV that 'nobody cares about' is probably not a bad idea. Using no AV at all and relying on locking down Windows, SRP, Anti-EXE and other things is probably an even better idea. But if you insist on using an AV perhaps it is wise to consider one of the less popular ones.
Emsisoft is divergent in that their distributed company format could potentially give it greater security and privacy if they conduct it with efficient and serious protections. But if they aren't diligent that distributed environment could expose them to ancillary breaches.
Trend, Symantec and McAfee are largely rendered irrelevant now. This theft appears extensive. They'd have to re-engineer their entire product line to overcome such a wide ranging theft if the reports are accurate. As a result, I would immediately cease usage of all three products. Also keep in mind, if you use a router with Trend Micro, that could also be a problem as it shares code from the desktop versions in how it manages web filtration. I'd expect as more leaks unfold the detection level of exploits of these products escalates accordingly.
PS: SIGNIFICANT portions of US Govt., Infrastructure and Military use the above three products.
That often, it isn't wise to use what everyone else, or even a significant portion of people use. Especially if that usage places you in the company of targets - that is a product many targeted people (for whatever reason) would themselves use. As that fact would increase the threat surface of the product and everyone using it. If you think AV companies can contain their code and maintain secrecy and safety you are wrong. Not even Kaspersky can do that as we found out in a serious of breaches of them as well.
So using an AV that 'nobody cares about' is probably not a bad idea. Using no AV at all and relying on locking down Windows, SRP, Anti-EXE and other things is probably an even better idea. But if you insist on using an AV perhaps it is wise to consider one of the less popular ones.
Emsisoft is divergent in that their distributed company format could potentially give it greater security and privacy if they conduct it with efficient and serious protections. But if they aren't diligent that distributed environment could expose them to ancillary breaches.
Trend, Symantec and McAfee are largely rendered irrelevant now. This theft appears extensive. They'd have to re-engineer their entire product line to overcome such a wide ranging theft if the reports are accurate. As a result, I would immediately cease usage of all three products. Also keep in mind, if you use a router with Trend Micro, that could also be a problem as it shares code from the desktop versions in how it manages web filtration. I'd expect as more leaks unfold the detection level of exploits of these products escalates accordingly.
PS: SIGNIFICANT portions of US Govt., Infrastructure and Military use the above three products.
- Mar 29, 2018
- 7,595
Amen to this. We are fortunate to have info and access to such a variety of choices here on MT.
- Mar 30, 2018
- 139
I never trust these American antivirus software, for thousands of reasons, this is the bottom of the pit for them now. Good thing we have good antivirus still, like GData, Emsisoft and F-Secure, is the way forward 
- Apr 1, 2019
- 2,867
Maybe this will be the reasoning I can use to trade our ASUS in for a Gryphon router.
This is so embarrassing for Norton/Symantec from a TV watcher's standpoint, even if it was proved false after the fact. I watched the news recently and a show afterward is off the air and Norton with LifeLock has a fully 30 minute infomercial on identity theft and how this system, for a fee of course, will safeguard you from all kinds of dastardly stuff regarding your credit. Did Symantec not initially deny this allegation? Maybe most people won't make the connection between Norton and Symantec, especially not its LifeLock customers, ya think? Wow.
Plenty of commercials on LifeLock w/Norton on Youtube and other video sites. Apparently, subscriptions went up especially after the Equifax breach.
Plenty of commercials on LifeLock w/Norton on Youtube and other video sites. Apparently, subscriptions went up especially after the Equifax breach.
Grave news if it does come out to be true that Norton/Symantec is part of the bunch.... If so...ehhhh yeah Norton/Symantec will be coming off my personal systems ASAP for a while until I believe things are fixed. This may force me into the Bitdefender camp quite fast if this is the case here. Luckily, I have a system like Fort Knox here; however, I feel sad for folks who may not know about what is going on or fully understand.
Not extremely abnormal to see commercials for Norton/Symantec this time of year @plat1098 ! However, one does wonder based on recent happenings.... Its to be determined (TBD) yet what has all happened.
We live in a sad world. Thankfully, we have great folks here on MT to help make this world a better place!
I'm a bit on the edge of my seat about Norton/Symantec..... For now I'll be sticking with Norton/Symantec on my personal computers, but if things continue going where I think they are going off to Bitdefender I will roll and not look back to Norton/Symantec for some time. Depends largely on how things shake out. Who knows maybe these folks hit a "Honeypot" and are reporting it as "true" just to protect everyone. Yall know the stories of having a good "honeypot" for hackers to go after. Gotta' have one [errr in their case many] of em'.
Stay frosty!
~Brian
Not extremely abnormal to see commercials for Norton/Symantec this time of year @plat1098 ! However, one does wonder based on recent happenings.... Its to be determined (TBD) yet what has all happened.
We live in a sad world. Thankfully, we have great folks here on MT to help make this world a better place!
I'm a bit on the edge of my seat about Norton/Symantec..... For now I'll be sticking with Norton/Symantec on my personal computers, but if things continue going where I think they are going off to Bitdefender I will roll and not look back to Norton/Symantec for some time. Depends largely on how things shake out. Who knows maybe these folks hit a "Honeypot" and are reporting it as "true" just to protect everyone. Yall know the stories of having a good "honeypot" for hackers to go after. Gotta' have one [errr in their case many] of em'.
Stay frosty!
~Brian
- Apr 1, 2019
- 2,867
Imagine if you were using Trend. That bleepingcomputer piece is pretty concerning if those chat logs are real.
Yeah it would be rocky times at Trend I do say @blackice ... I fully agree. Not good by any means. If those chat logs are true and can be verified one way or another the folks at Trend gotta be shaking in their boots per say..
Any company that has been subject to this type of stuff would be shaking in their boots really. Honeypot theory or no honeypot theory - not good!
What is a honeypot in security lingo? Do a small Dr. Google search and anyone can find out. Needless to day, if these folks got the actual stuff then all bets are off on what may happen. Sad day n' age we live in. I hope things shake out ok for the companies - all companies - involved.
~Brian
- Apr 1, 2019
- 2,867
I’m familiar with honeypots. But if they play a game of obfuscation on what really happened it’ll make a lot of customers feel burned. I don’t know if any business would agree to that. Not to mention Symantec having a high profile employee step down within a day.
- Jun 24, 2016
- 2,483
inb4 compromised antivirus companies sharing long boring article about how sorry they are and promising to do better
Oh honeypots wasn't directed to you but just in general for folks. No worries.
Yeah something fishy is goin' on that's for sure. I don't believe for one second that its just really coincidence that those folks are stepping down at this point of time.. If it is coincidence then very bad coincidence it is indeed..Obfuscation no good comes from obfuscation .. You are right!
A lot of folks will feel burned for sure. Great points @blackice !
~Brian
- Mar 29, 2018
- 7,595
Yes, most will either make no connection or will not hear about this because it's just one of too many other bad news stories on an average day. Only IT people, security forum nerds, Wall St. financiers and a few other newshounds will give a hoot about it. The news cycles are too big, complex and fast moving so this story will be yesterdays news fast for the billions of people the world over. :emoji_neutral_face:
- Apr 1, 2019
- 2,867
No worries, misunderstood you. I would hope it was a honeypot operation, or a big sham by this Advanced Intel company that came out of nowhere with this huge investigation. Unfortunately, signs point to it being real. Here’s hoping in a few weeks we all laugh because they say it was a honeypot operation. Not counting on it though.
- Aug 4, 2016
- 1,465
- Jul 27, 2015
- 5,458
Symantec
www.bleepingcomputer.com
Trend Micro
McAfee
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
A report last week about Fxmsp hacker group claiming access to the networks and source code of three antivirus companies with offices in the U.S. generated statements from alleged victims that are disputed by the firm that sounded the alarm.
Last edited:
- Aug 11, 2018
- 95
I wonder if there will be others to follow.
- Aug 5, 2012
- 577
The question should be not if there will be others to follow (it would IMO) but whether if we find out it or not.
Very strange thing that only US based companies were attacked.
Last edited:
- Mar 25, 2014
- 398
So which ones are not popular? Nano? Dr. Web? K7 Computing? ZoneAlarm?
- Mar 3, 2017
- 126
An AV which is not being actively tested on AV-C or AV-TEST would be a start in finding the less popular ones. That seems a bit extreme though and instead of suffering from privacy and data leaks you will just get worse protection in exchange. Stick to EU based companies and you will be better off. Or even better lockdown Windows with a backup plan, anti-exe and sandbox instead of relying on software which introduce new vulnerabilities every other month.
- Status
Similar threads
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}