The Apple Worm?

According to Norton AntiVirus, Apple’s own QuickTime.com website may be a threat to the safety of my (and your) computer. I was trying to view the M:i:III Trailer (link below in plain text, so you can think twice before clicking).

I’m not sure who is at fault. It’s either Apple with a contaminated server, or Norton who incorrectly pushed a bad Virus definition file out. Either way it’s a bad thing.

Apple Integer Overflow

Details: Attempted Intrusion “Apple Quicktime MOV Integer Overflow” against your machine was detected and blocked.
Intruder: movies.apple.com(62.153.251.222)(http(80)).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: XXX(192.168.xxx.xxx).
Attacked Port: 2499.

The URL in question is (proceed with caution):

http://www.apple.com/trailers/paramount/missionimpossibleiii/large.html

Anyone want to take a guess who is at fault? This is with Norton 2005 with 3/15/2006 Definitions.

Edit [3/16/2006 10:36PM EST]: Changed title to accurately represent dialog trojan worm. Added Norton Version.
Edit [3/17/2006 10:58AM EST]: Symantec acknowledges a problem with AOL in its latest update.
Edit [3/19/2006 5:30PM EST]: A document about the vulnerability (no mention of this bug), and update documentation.

9 thoughts on “The Apple Worm?”

  1. I get that message too, but only when I go to Apple’s QuickTime movie site. Any other site, such as HBO’s QuickTime movies, works fine. Strange. I would bet it’s that Apple’s site and Norton’s update are not getting along.

  2. What’s strange is I am running 7.0.3 of QuickTime for Windows, so there is nothing to update… Oh well, see if it’s fixed Monday. Symantec may not get to a fix until Wednesday, as that’s the day they fix anything or give out the updates… I haven’t seen anything else on the net about this, so it’s clearly a Norton problem. Otherwise we would read more about this on other sites such as DSLreports.com

  3. Received the following advice from Symantec. It doesn’t work btw. I’ve sent them another E-mail.

    I’m sorry, but the solution below has not solved the issue surrounding Quicktime whatsoever. A complete fresh install of NIS 2005, iTunes and QT7 resolves nothing either. Since your update of 15-03-2006 my Quicktime Pro 7 has been rendered inoperable on Apple’s website. Before that update QT7 Pro & iTunes operated flawlessly in Opera 8.23, Firefox and IE7 public beta 2 on Apple’s website in WinXP[Home] SP2. What on earth has Symantec done to cause this problem and what are you doing to get it resolved? At this point in time you seem to have done absolutely nothing to sort this problem, or, admit that there is one. On looking at various internet newsgroups, it is clear that I am not the only one experiencing this problem.

    Why then is Norton telling me I’m being attacked by a worm when I clearly am not? QT 7.0.4 was brought out to resolve this security issue. Is Apple running a corrupt server or has Norton made a mess of the 15-03-2006 update? I am now losing my faith in your product as it simply does not seem to be operating correctly. How can I have faith in the security of my computer, and my network, if you bring out a dud update which blocks access to material on one of the internet’s major websites?

    This also raises the question “Does the rest of NIS2005 operate correctly on my OS [WinXP Home – SP2]?” On further inspection – NO. Script errors in trying to access various settings, especially Anti Spam settings, personal firewall settings, etc. This is a clean install of NIS2005, downloaded from your own site? What is going on with your product? Up until now I have never had any issues with NIS products, but I now feel my whole security has been compromised by your 15-03-2006 update.

    A solution please.

    ___________________________________

    Thank you for contacting Symantec Online Technical Support.

    We are currently experiencing higher than normal message volumes. We apologize for any inconvenience this delay may have caused and thank you for your patience.

    I understand from your message that you are facing an issue accessing Web sites that use the QuickTime and iTunes programs installed on your computer.

    I apologize for the inconvenience this may have caused.
    Richard, please note that this issue can happen due to corrupted Firewall programs. Please note that in most cases, restoring the default firewall rules and then running Program Scan resolves the issue.

    I understand that the steps are painstaking but I necessitate your co-operation. In order to know how to restore default firewall rules, please follow the instructions mentioned in the document provided below:

    Title: ‘Modifying or restoring the default firewall rules in Norton Internet Security or Norton Personal Firewall’
    Document ID: 2005083015103436
    Web URL:
    http://service1.symantec.com/S.....on_ols_nam

    After restoring the Firewall rules, I suggest you run Program Scan and then check whether you can access email using your email program.

    Please note that the Program Scan in Norton Internet Security and Norton Personal Firewall searches your hard drive for Internet-enabled programs and displays these programs in a list. You can then select the programs to which you want to apply firewall rules. Firewall rules configure the firewall to permit or not permit an Internet-enabled program to access the Internet.

    For more information on how to run Program Scan in NIS 2005, please refer to the document linked below:

    Title: ‘Scanning for Internet-enabled programs in Norton Internet Security or Norton Personal Firewall’
    Document ID: 2002091708325336
    Web URL:
    http://service1.symantec.com/S.....on_ols_nam

    Thank you for contacting us. We hope this service proves to be useful. Feel free to contact us for any further queries or concerns about your Symantec program.

  4. Richard, sounds like they are giving you the typical runaround. That’s what I hate about Symantec as a company: bad level of support. I wouldn’t be shocked if they outsource their support to India. From reading the Apple forums, the problem is with intrusion detection in Norton’s firewall. So to fix it with the Apple site till Symantec gets off their high horse, you should just turn off intrusion detection when you go to Apple’s site. Do this beforehand, then afterwards turn it back on. Works for me. I am behind a router, so I am not sure I really need it turned on anyway.

  5. I’m also behind a router with a hardware firewall and, like yourself, it’s not necessary to have NIS active to access trailers on the Apple site. However, as you’ll agree, it’s the principle. The new definitions rolled out yesterday for Norton have not even addressed the issue and both Symantec & Apple are offering no clue as to what is causing this. It’s clearly a NIS problem, that’s clear to see when you get full access when disabling NIS security. Perhaps they’re just lazy at Symantec and don’t perceive the fact that their customers are having problems with accessing parts of a major world website problem as a priority. My renewal is up in June and Norton will be history as far as I’m concerned. I’m fed up with the huge programme, its slowness and the CPU hogging monster it’s become.

  6. To address the above comment, a hardware firewall doesn’t stop worms, or any sort of buffer overflows as implied. Therefore NIS would be necessary for protection. Unless of course the hardware firewall provided virus scanning on all data transferred (highly unlikely).

  7. You are quite correct Robert. I only lower it to download the trailer, I then scan it before opening it. Currently, that’s the only way to get the trailers operating, apart from viewing them in another site that is.

  8. It looks as though you’re correct. I’m also able to view trailers again without any intrusion detection notifications from NIS2005. I’ve sent an E-mail to my contact at Symantec advising him of this.
