Network Security - New Worm Attacks Through Symantec Antivirus App

By Tim Gray

December 18, 2006 12:45PM

The software vulnerability through which the Big Yellow worm is able to penetrate Windows PCs was patched by Symantec in May 2006. But according to eEye Digital Security, many I.T. departments have not yet rolled out the fix, leaving these computers vulnerable to attack.

A new worm is making the rounds, attacking some business computers through a known -- and already patched -- flaw in a popular antivirus software suite from security

firm Symantec.

The worm, called "Big Yellow" and discovered initially by eEye Digital Security, zaps vulnerable computers with malicious code and turns them into remote-controlled zombie machines capable of wreaking all sorts of havoc at the behest of the hackers responsible for creating the worm.

Big Yellow exploits a vulnerability in the remote-management interface for Symantec AntiVirus and Symantec Client Security software packages.

Marc Maiffret, eEye's founder and CTO, said that the threat appears to be widespread and that eEye is tracking a server used by the worm to download part of its malicious payload. That server has pushed data out to more than 60,000 PCs already, according to eEye's data.

Old Vulnerability

Although eEye discovered and reported this vulnerability in May 2006 and worked with Symantec to create a patch at that time, many I.T. departments have not yet deployed the fix, Maiffret said. "Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft , the release of malware of this magnitude targeting non-Microsoft software was only a matter of time," noted Maiffret.

Maiffret also said users need to realize that attacks not only target Microsoft software but also the myriad applications that are scattered throughout a corporate network , from antivirus software to media applications. These non-Microsoft desktop applications, many of which are not even approved by I.T. departments, will become the enterprise 's biggest point of vulnerability, according to Maiffret.

However, Natalie Lambert, an analyst with Forrester Research, said that while the flaw is potentially fatal to some systems, the fact that a fix for the hole was first pushed out by Symantec last May means diligent users can stop the worm in its tracks. Lambert said it is the casual user, not the enterprise, that is most likely to be affected by this outbreak.

"Consumers are the weak link here," said Lambert, who noted that it's the job of I.T. administrators to constantly update and protect their company's network. "And they are generally very good at it," she said.

No Zero-Day Attack (continued...)

1 | 2 | Next Page >

Network Security

1.	Peer-to-Peer Software Ban Sought
2.	Los Alamos Computer Security Weak
3.	Security Firm Fortinet Plans IPO
4.	Heartland Restraining Order Denied
5.	Social-Networking Security a Concern

Most Popular Articles

1.	Verizon's Buzz for Motorola's Droid Fizzles at Day's End
2.	Facebook Hijacking Points To Social-Networking Holes
3.	Motorola's Droid 'Doing Fine' with About 100,000 Sold
4.	Dell Will Debut Mini 3 Smartphone in China and Brazil
5.	Sophos, Microsoft Disagree on Windows 7 Security

Have an informed opinion on this story?
Send a Letter to the Editor.

We want to know what you think.
Send us your Feedback.


Friday, November 20th