Here's what I wrote at the time: Security is serious business, and details matter.When a company as large as Mc Afee is this sloppy with its public response to a high-profile issue, it makes you wonder how tightly the engineering, development, and support sides of the business are being operated. Ironically, one company that was apparently affected by this issue is Intel, which was identified by the New York Times.One correspondent says he just fixed over 300 PCs: "Looked so much like Blaster from way back. Moving clients to something with more centralized control ASAP." This issue affected a large number of users and is not resolved by simply replacing Unfortunately, using this method, you have no way to determine if some of the files you are restoring are vital system files or virus files.You must boot to safe mode, then installl the extra.dat, then manually run the vscan console. However, only particular configurations of these versions appear affected.The bad DAT file may infect individual workstations as well as workstations connected to a domain.
(Intel acknowledged the "Update: I'm beginning to hear directly from people who were affected by this coloassal screw-up.From a desktop browser window, connect to the Mc Afee Virus Scan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account. Under "Scheduled Tasks", under "Task Summaries", with the assistance of the Mc Afee VSEL SA, identify the Virus Scan DAT update task.Verify the "Type" is "Update" and the "Status" is "Completed" with Results of "Update Finished".As I commented on Twitter earlier today, I'm not sure any virus writer has ever developed a piece of malware that shut down as many machines as quickly as Mc Afee did today.Here's how the SANS Internet Storm Center describes the screw-up: Mc Afee's "DAT" file version 5958 is causing widespread problems with Windows XP SP3.Mc Afee now has its own Knowledge Base page posted, with details about the problem and the fix.The symptoms are described, tersely, as "Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT on April 21, 2010." The faulty update has been removed from Mc Afee download servers for corporate users, preventing any further impact on those customers.The affected systems will enter a reboot loop and [lose] all network access.We have individual reports of other versions of Windows being affected as well.Anti-virus signature files are updated almost daily by anti-virus software vendors.These files are made available to anti-virus clients as they are published.