Some of Symantec’s enterprise security customers got a surprise Friday night when they received an alarming warning that an unprecedented Internet security event was underway. The e-mail alert warned that Symantec’s DeepSight threat level had been raised from level 1 to level 4. The gauge had never before exceeded Level 3, which it last attained during the Sasser worm attack in May 2004.
It turned out to be a false alarm generated by a system test. “The DeepSight Threat Management System is NOT at ThreatCon 4,” Symantec said in a follow-up email an hour later. “At 18:40 MST on September 21, 2007 an erroneous ThreatCon 4 update was issued through DeepSight TMS due to product testing. This ThreatCon 4 update should be disregarded.” As Emily Litella might say, “”Oh, that’s very different… Never mind!”