Malware purveyors attack Symantec security system with Big Yellow

Stan Beer
Sunday, 17 December 2006 05:50

Your IT - Home IT

In what could be a trend toward attacking software other than Microsoft products, malware attackers have turned their attention on a vulnerability in Symantec anti-virus software. The exploit, discovered by security watchdog firm eEye Digital, has been dubbed Big Yellow and is now active with characteristics of both a worm and a botnet, according to the company.

This is the major vulnerability in Symantec enterprise security identified by eEye earlier this year. In May, an embarrassed Symantec acknowledged that there was a high impact vulnerability in its Symantec Client Security and Symantec AntiVirus Corporate Edition.

eEye says the Symantec exploit is currently propagating in the wild using Symantec’s popular anti-virus software. Big Yellow exploits a vulnerability in the remote management interface for versions of Symantec AntiVirus and Symantec Client Security, which could be remotely exploited by an anonymous attacker in order to execute  arbitrary code with SYSTEM privileges on an affected system, thus giving the attacker complete control.

According to eEye, Many IT departments are not prepared for attacks on non-Microsoft-based applications and have not yet deployed a patch available for this widely deployed anti-virus software.

An eEye spokesperson said the new class of malware presents a very potent problem for the enterprise.

“Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft,  the release of malware of this magnitude targeting non-Microsoft software was only a matter of time,” said Marc Maiffret, eEye’s founder and CTO.

“IT urgently needs to understand that the new vector for attack will not come from Microsoft, but from the myriad applications that are scattered throughout its network. From anti-virus to iTunes, these non-Microsoft desktop applications, many of which IT is not even aware of, will become the enterprise’s biggest point of vulnerability very, very quickly. We strongly recommend IT take two steps immediately. First, enterprises need to implement a vulnerability management program that includes more than just Microsoft applications. Second, enterprise IT should implement a comprehensive, integrated endpoint security product that delivers proactive protection from unknown and known threats.”