Symantec had advance intelligence of the Slammer worm that might have significantly mitigated the damage it wrought around the world (South Korea lost most of its telecommunications capacity a day), but it withheld the information from all but a few premium customers. Symantec says that this is just good business (and if you want the scoop, you should buy a premium subscription), but full disclosure has been an important security practice across the industry. Ironically, Symantec and other “security labs” are prone to releasing hysterical, business-boosting alerts about non-event “malware” (remember the Perrun “JPEG virus?”), but when they’ve got real news, they hold their cards very close to their chests.
In a Feb. 12 press release about its DeepSight Threat Management System, Symantec boasts that the company “discovered the Slammer worm hours before it began rapidly propagating … then delivered timely alerts and procedures (to DeepSight users), enabling administrators to protect against the attack.”
Security experts are angry that Symantec did not publicly release any information the company had regarding Slammer.
“This appears to be what I would term gross negligence,” said Jeff Johnstone of the Diamond Technical Group, a security consulting firm. “This was not prior knowledge of a bug or exploit, but was knowledge of a pending worldwide attack on the infrastructure of the Internet. That type of information is always shared among peers within the security community.”