Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning.

hehehe.... The problem with a lot of automated tools that try to respond to attacks is that an attack can trigger them intentionally. Dropping in a firewall rule to block anyone who port scans you? Why don't I spoof a port scan from your favorite website? Even worse is the idea of automatically retaliating. Retaliating security software is Texan for distributed denial of service zombie.