NIS is getting false positives regarding "HTTP Adobe SWF Remote Code Exec"

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

 

Hmm, maybe I should let someone at IGN.com know about this.  What you're saying is, that Norton may be detecting the vulnerablities of these sites and not necessarily at direct malicious attack?  Thanks again for the info.  I suppose for now, I could just tell Norton to stop notifying me of this?  It should still block the so-called "intrusions" normally but without disturbing my browsing right?

Message Edited by Gravel on 08-19-2008 06:05 PM
Message Edited by Gravel on 08-19-2008 06:07 PM

Gravel,

 

My previous post was only a theory. 

 

This may have to be investigated further as I just went to IGN.com and did not get any signs of an attack.

 

Until resolved, I would not advise turning off the notifications.

 

Perhaps another forum user could try hitting the website and report back.

I have sent you a Private Message (PM - the  in the upper right corner) regarding this issue. Please respond and we will work to resolve this issue. Thanks!

Message sent.  My friend just now visited IGN, particularlly the PC gaming section and he just got the exact same notification.

got one of those warnings the other night, when I was at Rotten Tomatos I go there all the time but was looking at pictures from a movie when Norton gave me a warning when a Flash ad came up. the ad was from 72.246.51.14  Rotten tomatos is owned by IGN, seems a lot of these are going around right now. some reports of them happening at Yahoo at Dslreports.com

At first I thought these "HTTP Adobe SWF Remote Code Exec" intrustions I kept getting were actual threats - http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=5345 

 

Now I think they're really false positives on Norton's part as I've been getting them on legitimate websites such as IGN.com.  I think Norton should look into this with Adobe.  I have the latest version of Flash installed which was supposed to deal with that threat.  And the websites I have been visiting are not known for malicious software especially IGN.

Message Edited by Gravel on 08-19-2008 06:09 PM

jarrycanada,

 

Interesting correlation you made between Rotten Tomatos and IGN.

 

Could you provide a link or send me info by PM about the reports you have seen. I'd like to read them.

 

Thanks,

 

Phil

Gravel,

 

They may not be false positives, but rather "cross-site scripting attacks" which are being blocked by Norton.

 

I do some website design and Adobe published a Security Update for Web Developers addressing a potential vulnerability for inserting Flash Video onto websites. Without getting too technical, this update means that webmasters should fix the flash players on their websites to prevent any potential issues. This is different than you having the most up to date flash player.

 

In other words, since you have an up to date Flash Player and are running NIS 2008 you will not be adversely affected, however if a "legitimate" website has not taken the time to fix the Flash component on their site, then a remote code exploitation is possible. That MAY be what NIS is picking up. Since your Flash Player is up to date, you are not being affected and Norton is blocking the intrusion attempt.

 

So, even though the websites are not known to be malicious, if their webmasters have not performed this update on their end, they may be vulnerable to these issues, unknowingly being compromised on their own sites.

 

If this is the case, there is nothing for you to do on your end.

 

Just a thought.

 

****IMPORTANT****  If you check the link I provided and happen to proceed to the Tech Notes, DO NOT download anything there - that material is just for those using Dreamweaver or Contribute to design websites. It is not the Flash Player intended for use on your computer.

 

 

Message Edited by Phil_D on 08-19-2008 03:54 PM