This is not a black mark on Symantec. It's just the kind of thing that happens as threat databases get larger and both legitimate developer and virus/worm writers re-use snippets of code found on the web.
I just came up against the same thing. My friend John and I were writing a very small Python app for his employer. Much of the gui and some of the actual executable code came from The Vaults of Parnassus, which is a popular Python code repository. (See it here. It is a fine resource!) Every AV application we have access to freaks at our application because three or four malware programs also use the same bits of code our application does. So, we are stuck re-inventing the wheel, though in an admittedly very small way.
I assume something like this is what happened in this case.