
Symantec AV linked to Verisign certificate problem, DUGallery, False Weather Alerts, more phishing - SANS Internet Storm Center


Verisign Certificate Expiration linked to Symantec AV issue

Today, a Verisign root certificate included with Internet Explorer expired. As a result, Verisign's certificate revocation list server was not able to handle all the requests from clients attempting to contact it.

Verisign, apparently to lower the load on its server, now resolves this server to non-routable 10/8 IP addresses 50% of the time.

Some applications, most notably Norton Antivirus, use this server to verify certificates. In the case of Norton Antivirus, it is used to verify its signature file.

Because users will not be able to contact Verisign's certificate revocation list 50% of the time, Norton Antivirus will stall.


Verisign set the TTL of its DNS records rather short, so if you try again after one minute, you will likely get a valid IP address. If this is not an option, edit your hosts file and insert one of these IPs for '':,,,

However, this is not recommended as a long-term solution, as these IPs may change at any time.
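
A check for the condition described above, as an added example that is not part of the original diary: it re-resolves a name, separates answers inside 10/8 from routable ones, and retries at the one-minute interval the diary suggests. The host name `crl.example.test`, the sample addresses and the helper names are constructed placeholders.

```python
import ipaddress
import socket
import time

NON_ROUTABLE = ipaddress.ip_network("10.0.0.0/8")  # the range named in the diary

def system_resolver(host):
    """IPv4 addresses the local resolver currently returns for host."""
    infos = socket.getaddrinfo(host, None, family=socket.AF_INET)
    return sorted({info[4][0] for info in infos})

def split_answers(addresses):
    """Partition address strings into (routable, inside 10/8)."""
    routable, unroutable = [], []
    for text in addresses:
        inside = ipaddress.ip_address(text) in NON_ROUTABLE
        (unroutable if inside else routable).append(text)
    return routable, unroutable

def wait_for_routable(host, resolver=system_resolver, attempts=5,
                      delay=60, sleep=time.sleep):
    """Re-resolve until an answer outside 10/8 appears; returns (routable, log)."""
    log = []
    for attempt in range(1, attempts + 1):
        try:
            answers = resolver(host)
        except socket.gaierror:
            answers = []  # a failed lookup counts as "nothing usable yet"
        log.append((attempt, answers))
        routable, _ = split_answers(answers)
        if routable:
            return routable, log
        if attempt < attempts:
            sleep(delay)  # wait for the short TTL to expire before retrying
    return [], log

if __name__ == "__main__":
    # Constructed answers: two 10/8 replies, then a documentation address.
    canned = iter([["10.1.2.3"], ["10.200.0.9"], ["198.51.100.7"]])
    good, history = wait_for_routable("crl.example.test",
                                      resolver=lambda h: next(canned),
                                      sleep=lambda s: None)
    print(good, history)
```

The returned log records each attempt's answers, which shows how often the 10/8 replies were seen before a usable address came back.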

Web Defacements

At least one web-defacement crew appears to use Google to find sites with
vulnerable versions of 'DUGallery' installed. Recently, a number of issues
regarding this product were posted to Bugtraq. As of this writing, no
updates are available.

False Weather Alerts

A user reported that the "Weatherbug" application he is using is displaying
false weather alerts. We have not identified the source of the false alerts. According to the report we received, corrections followed shortly after the false warnings had been received.

Phishing sites of the day

We did receive reports about spam advertising a fake Citibank site.


Johannes Ullrich, SANS Institute, jullrich_AT_sans.org


Jan 8th 2004
