Malware purveyors attack Symantec security system with Big Yellow

**Anilrgowda** · 17-Dec-2006, 12:12 AM

In what could be a trend toward attacking software other than Microsoft products, malware attackers have turned their attention on a vulnerability in Symantec anti-virus software. The exploit, discovered by security watchdog firm eEye Digital, has been dubbed Big Yellow and is now active with characteristics of both a worm and a botnet, according to the company. This is the major vulnerability in Symantec enterprise security identified by eEye earlier this year. In May, an embarrassed Symantec acknowledged that there was a high impact vulnerability in its Symantec Client Security and Symantec AntiVirus Corporate Edition.

eEye says the Symantec exploit is currently propagating in the wild using Symantec’s popular anti-virus software. Big Yellow exploits a vulnerability in the remote management interface for versions of Symantec AntiVirus and Symantec Client Security, which could be remotely exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system, thus giving the attacker complete control.

According to eEye, Many IT departments are not prepared for attacks on non-Microsoft-based applications and have not yet deployed a patch available for this widely deployed anti-virus software. An eEye spokesperson said the new class of malware presents a very potent problem for the enterprise.

“Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time,” said Marc Maiffret, eEye’s founder and CTO.

“IT urgently needs to understand that the new vector for attack will not come from Microsoft, but from the myriad applications that are scattered throughout its network. From anti-virus to iTunes, these non-Microsoft desktop applications, many of which IT is not even aware of, will become the enterprise’s biggest point of vulnerability very, very quickly. We strongly recommend IT take two steps immediately. First, enterprises need to implement a vulnerability management program that includes more than just Microsoft applications. Second, enterprise IT should implement a comprehensive, integrated endpoint security product that delivers proactive protection from unknown and known threats.”

17-Dec-2006, 12:12 AM	#1 (permalink)
Anilrgowda Administrator Posts: 18,715 Join Date: Jan 2006 Rep Power: 10 IM:	Malware purveyors attack Symantec security system with Big Yellow In what could be a trend toward attacking software other than Microsoft products, malware attackers have turned their attention on a vulnerability in Symantec anti-virus software. The exploit, discovered by security watchdog firm eEye Digital, has been dubbed Big Yellow and is now active with characteristics of both a worm and a botnet, according to the company. This is the major vulnerability in Symantec enterprise security identified by eEye earlier this year. In May, an embarrassed Symantec acknowledged that there was a high impact vulnerability in its Symantec Client Security and Symantec AntiVirus Corporate Edition. eEye says the Symantec exploit is currently propagating in the wild using Symantec’s popular anti-virus software. Big Yellow exploits a vulnerability in the remote management interface for versions of Symantec AntiVirus and Symantec Client Security, which could be remotely exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system, thus giving the attacker complete control. According to eEye, Many IT departments are not prepared for attacks on non-Microsoft-based applications and have not yet deployed a patch available for this widely deployed anti-virus software. An eEye spokesperson said the new class of malware presents a very potent problem for the enterprise. “Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time,” said Marc Maiffret, eEye’s founder and CTO. “IT urgently needs to understand that the new vector for attack will not come from Microsoft, but from the myriad applications that are scattered throughout its network. From anti-virus to iTunes, these non-Microsoft desktop applications, many of which IT is not even aware of, will become the enterprise’s biggest point of vulnerability very, very quickly. We strongly recommend IT take two steps immediately. First, enterprises need to implement a vulnerability management program that includes more than just Microsoft applications. Second, enterprise IT should implement a comprehensive, integrated endpoint security product that delivers proactive protection from unknown and known threats.”

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Symantec Gives Vista Security a So-So Grade	Anilrgowda	Microsoft windows vista error	0	07-Mar-2007 07:44 AM
Symantec clears Vista on malware	Anilrgowda	Microsoft windows vista error	0	01-Mar-2007 10:19 PM
Symantec Takes Aim at Windows Vista Security	Anilrgowda	Microsoft windows vista error	0	28-Feb-2007 08:30 AM
Symantec Offers Five-in-One Security Bundle	AQUARIAN	Security News	0	27-Feb-2007 12:24 AM
Vista's UAC security is hopeless, says Symantec	Anilrgowda	Microsoft windows vista error	0	16-Jan-2007 09:58 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)