This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a CSRF vulnerability in Symantec LiveUpdate Administrator.
The Symantec LiveUpdate Administrator is an enterprise Web application
that allows you to manage Symantec updates on multiple internal Central
LiveUpdate servers, called Distribution Centers. Using the Symantec
LiveUpdate Administrator, you download updates to the Manage Updates
folder, and then publish the updates to production distribution servers
for LiveUpdate clients to download, or to testing distribution centers,
so that the updates can be tested before they are published to production.
The web front end does not properly sanitize some variables before they are
returned to the user.
If an attacker supplies a username containing script code at the
login page of the service, an entry is made in the Event Log, containing
If the admin user is viewing the log file, the script code will be
- Symantec LiveUpdate Administrator
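
The defensive pattern for the issue described above, where a username submitted at the login page is stored in the Event Log and later returned to the admin's browser unsanitized, shown as an added example that is not Symantec's code. The record layout, field names, sample events and the username allow-list are assumptions made for illustration.

```python
import html
import re

# Constructed sample event-log records (not real product data). The second
# username carries markup, as in the login-page case described above.
SAMPLE_EVENTS = [
    {"time": "2024-01-01 10:02:11", "event": "Login failed", "user": "alice"},
    {"time": "2024-01-01 10:02:40", "event": "Login failed",
     "user": "<script>alert(1)</script>"},
]

# Conservative allow-list for account names (assumption; adapt to local policy).
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def is_plausible_username(name):
    """True only if the whole name matches the allow-list."""
    return USERNAME_RE.fullmatch(name) is not None


def render_row_unsafe(ev):
    """The flawed pattern: log fields concatenated into HTML as stored."""
    return "<tr><td>{time}</td><td>{event}</td><td>{user}</td></tr>".format(**ev)


def render_row_safe(ev):
    """Encode every field at output time, whatever was written to the log."""
    cells = (html.escape(str(ev[k]), quote=True) for k in ("time", "event", "user"))
    return "<tr>" + "".join("<td>%s</td>" % c for c in cells) + "</tr>"


def suspicious_logins(events):
    """Detection aid: events whose username fails the allow-list."""
    return [ev for ev in events if not is_plausible_username(ev["user"])]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(render_row_safe(ev))
    print(suspicious_logins(SAMPLE_EVENTS))
```

Encoding at render time protects the admin view even when an unexpected value has already been logged; the allow-list check is an additional signal for reviewing login events.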