McAfee botched antivirus update shuts down corporate customers

by certifiedbug on April 21, 2010

SANS Internet Storm Center.
Published: 2010-04-21

McAfee’s “DAT” file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and lose all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of “ePolicyOrchestrator”, which is used to update virus definitions across a network, appears to have led to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update “DAT” files throughout enterprises. It cannot be used to undo this bad signature because affected systems will lose network connectivity.

http://isc.sans.org/diary.html?storyid=8656

Anecdotal reports suggest the final tally of affected computers could reach into the millions.

Nilay Patel at Engadget quotes a statement from McAfee:

The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers. We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence.

http://www.engadget.com/2010/04/21/mcafee-update–shutting-down-xp-machines/

McAfee Corporate KnowledgeBase ID: KB68780

http://vil.nai.com/vil/5958_false.htm
