A new worm is making the rounds, attacking some business computers through a known -- and already patched -- flaw in a popular antivirus software suite from security firm Symantec.
The worm, called "Big Yellow" and discovered initially by eEye Digital Security, zaps vulnerable computers with malicious code and turns them into remote-controlled zombie machines capable of wreaking all sorts of havoc at the behest of the hackers responsible for creating the worm.
Big Yellow exploits a vulnerability in the remote-management interface for Symantec AntiVirus and Symantec Client Security software packages.
Marc Maiffret, eEye's founder and CTO, said that the threat appears to be widespread and that eEye is tracking a server used by the worm to download part of its malicious payload. That server has pushed data out to more than 60,000 PCs already, according to eEye's data.
Old Vulnerability
Although eEye discovered and reported this vulnerability in May 2006 and worked with Symantec to create a patch at that time, many I.T. departments have not yet deployed the fix, Maiffret said. "Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time," noted Maiffret.
Maiffret also said users need to realize that attacks not only target Microsoft software but also the myriad applications that are scattered throughout a corporate network, from antivirus software to media applications. These non-Microsoft desktop applications, many of which are not even approved by I.T. departments, will become the enterprise's biggest point of vulnerability, according to Maiffret.
However, Natalie Lambert, an analyst with Forrester Research, said that while the flaw is potentially fatal to some systems, the fact that a fix for the hole was first pushed out by Symantec last May means diligent users can stop the worm in its tracks. Lambert said it is the casual user, not the enterprise, that is most likely to be affected by this outbreak.
"Consumers are the weak link here," said Lambert, who noted that it's the job of I.T. administrators to constantly update and protect their company's network. "And they are generally very good at it," she said.
No Zero-Day Attack
The Big Yellow worm represents the latest in a broad trend in which hackers have turned away from targeting operating systems and have begun to create code to penetrate PCs through software applications themselves. The trend to attack applications has forced Microsoft to release a growing number of non-Windows software patches in recent months.
Additionally, the Big Yellow worm indicates that it doesn't take a zero-day vulnerability for malicious hackers to succeed at their nefarious tasks. Over the course of the past year, security experts have consistently cautioned about zero-day attacks -- in which hackers are able to exploit a software vulnerability for which there is no patch.
The experts say these attacks provide a significant challenge, especially because they typically begin only in very limited numbers, effectively flying beneath the attack-detection radar.
However, if the Big Yellow worm is any indication of future trends, hackers will not need to target freshly discovered vulnerabilities to wreak havoc. After all, the Big Yellow worm attacks a software flaw that Symantec patched some six months ago.