Symantec Norton Protected Recycle Bin Exposure
Norton SystemWorks contains a feature called the Norton Protected Recycle Bin, which resides within the Microsoft Windows Recycler directory. The Norton Protected Recycle Bin includes a directory called NProtect, which is hidden from Windows APIs. Files in the directory might not be scanned during scheduled or manual virus scans. This could potentially provide a location for an attacker to hide a malicious file on a computer.
Symantec has released a product update that will now display the previously hidden NProtect directory in the Windows interface.
Affected Product(s):
Norton SystemWorks 2005 and 2006
Norton SystemWorks Premier 2005 and 2006
Symantec Response
Symantec product engineers have developed and released an update for products affected by this exposure. The update is available through Symantec LiveUpdate by running a manual update. To manually update via Symantec LiveUpdate, users should:
Open Norton SystemWorks
Click on LiveUpdate
Run LiveUpdate until all available Symantec product updates are downloaded and installed
This update will require a system reboot.
Symantec is not aware of any attempts by hackers to conceal malicious code in the NProtect folder. This update is provided proactively to eliminate the possibility of that type of activity.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec recommends customers update their products to protect against any probability of this type of threat.
Complete advisory in Symantec's website