Worm Attacks Symantec Enterprise AntiVirus

A "significant" worm is successfully attacking unpatched Symantec enterprise antivirus software because companies focus too much attention on Microsoft's flaws and ignore those from other vendors, a security company warned Friday.

"Big Yellow," the name eEye Digital Security has given the worm, was first captured Thursday by one of the company's honeypot systems. The worm, which also has a botnet component that turns a victimized machine into a zombie at the beck and call of its controller, exploits a critical vulnerability in Symantec AntiVirus and Symantec Client Security, two of the vendor's business security products. That vulnerability was reported to Symantec by eEye in May; the former fixed the flaw in June. Worm Attacks Symantec Enterprise AntiVirus - News by InformationWeek

Linked by shanmuga Sunday, 17th December 2006 11:08PM