[Full-disclosure] Microsoft AntiSpyware attacks Norton AV?

["Joel R. Helgeson" <joel@xxxxxxxxxxxx>]

Is anyone else seeing/experiencing this?

A customer of mine stated that Microsoft AntiSpyware updated its signature 
files between 2/9 and 2/10 to signature version 5805.
When it scanned each system it found a Trojan called PWS.Bancos.A (Password 
Stealer) - Level: Severe

When it quarantined the bug, it also rendered the Symantec Anti-Virus helpless. 
 The Rtvscan.exe kicks up to 100% CPU utilization.
The only way to stop it is try to end process in task master or reboot the 
computer system.  Either will release the CPU however, how the
Symantec Antivirus is corrupt and not usable.  


My take on what has happened:
<speculation>
The PWS.Bancos.A virus was apparently distributed with the Bagle worm, it 
attacked and shut down Microsoft AntiSpyware as well as deleted executable 
files and killed running processes for anti-virus software. 

It appears that MS AntiSpyware incorrectly identified some parts of Symantec's 
AntiVirus as being the trojan and then went to delete the infection.  Once 
deleted, It threw Symantec AV into a tailspin causing 100% CPU utilization 
wherein upon reboot or killing the offending task, SAV was rendered useless and 
needing to be reinstalled.
</speculation>

Microsoft very quickly released signature version 5807 to correct the mistake.

Anyone else seeing this?

Joel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/