Sophos DNS Errors Prevent Security Updates
The culprit? An error in the company's DNS record.
The company denies that any DNS cache poisoning or hacking attack occurred. The problems were a result of an error by a Sophos service provider in updating the company's DNS settings. As the DNS record with the error propagated across the Internet, customers lost connection with the Sophos Website and servers. By the same token, even though the DNS record has been corrected, customers will continue to receive error messages until the new DNS values have spread. This may take as long as 48 hours for some customers.
Test Center first noticed the problem Thursday when the lab's ES1000 appliance started sending warning messages that it couldn't update its definition files. The network was up and running just fine. When the appliance started sending error messages saying, "The appliance is repeatedly failing to retrieve data updates from Sophos. The threat definitions on the appliance are not being updated," every hour, we suspected the company was having network issues.
Sophos issued a statement on its Website (which was unavailable to affected customers) and sent an e-mail to its Sophos Technical Alert mailing list: "We would like to reassure customers that the problems are not the result of a malicious attack, and that we are working with our service providers to ensure such an error does not occur again in future."
It is not quite clear how widely customers were affected, although the problem was limited to sophos.com. Country-specific domains, like sophos.de and sophos.co.uk, were unaffected. The new updates issued by SophosLabs Thursday will be downloaded once the correct DNS values are in place locally.