Worm targets Symantec users

gallery

A deadly new worm is successfully attacking computers running unpatched versions of Symantec enterprise anti-virus as companies maintain their focus on flaws in Microsoft products, warned a security company.

Network security and vulnerability management software company eEye Digital Security said that the "Big Yellow" malware has both "worm and botnet characteristics" and is currently rampaging through the internet exploiting Symantec's anti-virus software.

The worm exploits a vulnerability in the remote management interface for versions of Symantec AntiVirus and Symantec Client Security, which could be remotely exploited by an anonymous attacker in order to execute arbitrary code with system privileges on an affected system, thus giving the attacker complete control.

The company said that many IT departments have still not patched up the application and have not considered their desktop security applications as a point of vulnerability.

"Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time," said Marc Maiffret, eEye's founder and CTO.

Maiffret said that IT urgently needed to understand that the new vector for attack "will not come from Microsoft, but from the myriad applications that are scattered throughout its network."

"From anti-virus to iTunes, these non-Microsoft desktop applications, many of which IT is not even aware of, will become the enterprise's biggest point of vulnerability very, very quickly," he said.

He said that enterprises needed to implement a vulnerability management program that included more than just Microsoft applications.

"Enterprise IT should implement a comprehensive, integrated endpoint security product that delivers proactive protection from unknown and known threats," said Maiffret.

Email to a friend

Print this page