
By Joris Evers
Posted on ZDNet News: Dec 15, 2006 11:12:00 PM

A new worm that uses a known security hole in Symantec's corporate antivirus tools to spread has hit the Net, experts warned Friday.

The worm, dubbed "Big Yellow" by eEye Digital Security, turns vulnerable computers into remote-controlled zombies. It is the second such malicious code in as many months that exploits a 6-month-old security flaw in Symantec Client Security and Symantec AntiVirus Corporate Edition. A fix for the flaw has been available since May.

The new "botworm" scans for computers running the vulnerable Symantec software and then attempts to break in, said Marc Maiffret, chief technology officer at eEye, an Aliso Viejo, Calif.-based security software maker. The threat appears to be widespread, Maiffret said. eEye is tracking a server used by the worm to download part of its malicious payload; that server has pushed data out to more than 60,000 systems, he said.

Symantec is aware of the new worm, which it calls "Sagevo," said Vincent Weafer, a senior director at Symantec Security Response. However, the Cupertino, Calif., company doesn't see it as a big threat. Only three customers have seen it and there isn't anything more than "background noise" on Symantec's network of security sensors, he said.

"Technically eEye is correct, there is a new botworm out there," Weafer said. "But the impression and the worm alert is misleading because we are not seeing any activity."

A similar worm, a variant of Spybot, spread last month. When installed on a PC, both Spybot and Big Yellow open a back door in the system and connect to an Internet Relay Chat server to let the remote attacker control the compromised computer. Such remote control software is the most prevalent threat to Windows PCs, according to Microsoft.

The fact that a bug in Symantec's widely used security software is being exploited by worms underscores a security trend that experts have pointed out before: attackers are increasingly looking beyond the operating system for flaws.

"Any time you have vulnerability in a major application, the likelihood of having it used in a botworm is much higher," Weafer said. "Vulnerability research and exploits are going from operating system level into the application level. It is something we’re going to continue to see."

And while patching Microsoft applications has become second nature for many IT departments, the same does not hold true for other software programs, Maiffret said. "People should be thinking about non-Microsoft software when it comes to patching," he said.
