Worm Attacks Symantec Enterprise AntiVirus
A “significant” worm is successfully attacking unpatched Symantec enterprise anti-virus software because companies focus too much attention on Microsoft’s flaws and ignore those from other vendors, a security company warned Friday.
“Big Yellow,” the name eEye Digital Security has given the worm, was first captured Thursday by one of the company’s honeypot systems. The worm, which also has a botnet component that turns a victimized machine into a zombie at the beck and call of its controller, exploits a critical vulnerability in Symantec AntiVirus and Symantec Client Security, two of the vendor’s business security products. That vulnerability was reported to Symantec by eEye in May; the former fixed the flaw in June.
Symantec’s first notice of the vulnerability in AntiVirus and Client Security was posted May 26, and patches were made available June 6. On Nov. 29, Symantec made note of the release of exploit code.
“We’ve seen exploit code for some time, but [Big Yellow] is the first truly automated threat,” says Marc Maiffret, eEye’s chief technology officer. The worm, which appears to be of Chinese origin, already has infected a number of systems worldwide.
But while Maiffret took Symantec to task for downplaying the threat as far back as May, he left his most pointed criticism for short-sighted enterprises.
“Symantec used crappy wording [in its alert]. When a security professional reads ‘elevation of privilege,’ they think of something that can be only exploited locally. But this is a remotely exploitable bug. Symantec tried to downplay the threat, but they just do themselves, and their customers, a disservice by not correctly labeling it,” says Maiffret.
Worse, however, is the blind eye most corporations turn to non-Microsoft vulnerabilities, and the difficulty they have in keeping up with necessary patches.
“I’ve been preaching this all during 2006, that it’s more than a Microsoft world,” says Maiffret. In fact, he says he’s used the May Symantec vulnerability during security conference presentations as the perfect example of the kind of bug that could hit enterprises.
“The release of malware of this magnitude targeting non-Microsoft software was only a matter of time,” says Maiffret. “IT needs to understand that the new vector for attack will not come from Microsoft, but from the applications that are scattered throughout its network.”
With IT focused on Microsoft and Patch Tuesday, many companies ignore third-party vulnerabilities. Part of the problem, according to Maiffret, is the lame update and patch notification process that many vendors use. Symantec, for instance, doesn’t use an auto-update mechanism for Client Security or AntiVirus, which means customers must first be aware of a vulnerability, and then know how to find and download the patch.
“As Microsoft gets better [about security] attackers realized that there’s so much other software out there,” says Maiffret. “But the average vendor is about seven years behind Microsoft” in its vulnerability research and update processes. “They’re still partying like it’s 1999.”
Maiffret’s convinced that 2007 will see an explosion in vulnerabilities in and exploits against the likes of Symantec and other non-Windows vendors, including Apple. “From anti-virus to iTunes, these non-Microsoft desktop applications, many of which IT is not even aware of, will become the enterprise’s biggest point of vulnerability very, very quickly,” he says.
Symantec’s current advice is to patch Symantec AntiVirus and Client Security to protect systems against threats such as Big Yellow. A detailed guide on what versions must be patched and how is available on the Symantec support site.
Worm Infecting Computers Via Symantec Flaw
A computer worm is attacking some business PCs through a flaw in antivirus software by Symantec Corp., a security company warned Friday.
EEye Digital Security, based in Aliso Viejo, said the worm, dubbed “Big Yellow,” began attacking some computer systems on Thursday — seven months after eEye first discovered the flaw.
Symantec released a patch to address the flaw in May, but it’s up to its corporate customers to install it. Officials at the Cupertino-based security software company said Friday it had so far received three reports of systems affected by the worm.
“It is definitely a new worm, and it is looking for vulnerable systems, but we’re not seeing any evidence of a significant outbreak or infection,” said Vincent Weafer, a senior director at Symantec’s security response unit.
Big Yellow enters machines through a security hole in the corporate version of Symantec’s antivirus software. Once a machine is infected with the worm’s “bot” program, a hacker can use it as a way to connect with other computers for malicious attacks.
EEye urged corporate information-technology departments to fix the flaw.
Symantec Releases Norton 360 Public Beta
CUPERTINO, Calif. - Nov. 22, 2006 - Symantec Corp. (Nasdaq: SYMC) today launched the public beta of its new all-in-one consumer security service. Norton 360 combines Symantec’s proven, industry-leading PC security and tuneup technologies with new automated backup and online transaction security capabilities. The service helps protect consumers from Internet threats, online scams and identity theft while safeguarding important documents, photos and music through automated online backup and restore functionality. Norton 360 is part of Symantec’s broader Security 2.0 vision for the next generation of online security.
“Today’s consumers want to be able to work and play in the connected world with confidence that their information and activities are secure,” said Enrique Salem, group president, Consumer Business Unit, Symantec Corp. “Norton 360 was created to provide computer users and their families a full range of protection that is automatic, powerful, and easy to understand and use. We’re eager to receive customer feedback on the beta, as we make final adjustments for the formal launch of the product.”
Norton 360 provides consumers with the essential protection they need to secure their online activities and important data. The service offers protection from viruses, worms, Trojan horses, spyware, adware, hackers and other Internet threats and risks. Consumers can feel confident their confidential information is safe when banking and shopping online through Norton 360’s online identity theft protection. Norton 360 also safeguards irreplaceable files such as photos and music through an automated online backup service.
Users aren’t bothered with constant alerts because Norton 360 automatically resolves the vast majority of security, backup and PC tune-up issues quietly in the background. Norton 360 also provides consumers with free 24×7 support via embedded e-mail and online chat, which will be active during the beta period.
Norton 360 is backed by Symantec’s unmatched security knowledge and assets, including the company’s extensive Global Intelligence Network, which consists of the Symantec DeepSight Threat Management System and Symantec Managed Security Services, providing more than 40,000 sensors monitoring network activity in more than 180 countries. Norton 360 also takes advantage of Symantec’s Phish Report Network, an extensive antifraud community where members contribute and receive fraudulent Web site addresses for alerting and filtering, to protect consumers against fraudulent Web sites.
Availability
Users can download the free public beta of Norton 360 from http://www.symantec.com/norton360beta. Beta testers must have Windows XP and an Internet connection, and they must uninstall other security solutions from their systems. The final version of Norton 360 is scheduled to be available for purchase by March 2007 in multiple languages and countries.