RSSMalware Exploits Anti-Virus Software Hole
By Ed Oswald | Published December 15, 2006, 1:11 PM
Security firm eEye Digital Security said Friday it had discovered a new non-Microsoft based malware that has both the characteristics of a worm and a botnet spreading the wild. However, it uses a flaw in a program meant to protect users from such issues to propagate itself.
The flaw is within Symantec's popular anti-virus software. Calling it "Big Yellow," the exploit takes advantage of an issue within the remote management interfaces of both Symantec AntiVirus and Symantec Client Security.
The worm was first discovered late Thursday by researchers on the firm's "Honey Pot" network, a system specifically designed to identify new attacks. More information on the issue can be found at the eEye website.
The problem could be exploited by an anonymous attacker, which, by executing arbitrary code could take complete control of an affected system.
A patch for the issue has been available since May of this year. However, eEye claims that many IT departments and home users have not applied this important patch, putting them at risk for attack.
"Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time," said Marc Maiffret, eEye's founder and CTO.
Maiffret continued by saying that IT administrators have to be better prepared to fight against attacks from any vector. An increasing number of attacks are being aimed at programs other than those produced by Microsoft.
eEye recommends taking two steps immediately, "First, enterprises need to implement a vulnerability management program that includes more than just Microsoft applications."
"Second," Maiffret added, "Enterprise IT should implement a comprehensive, integrated endpoint security product that delivers proactive protection from unknown and known threats."
Moved!
Score: 0
|Symantec was good .... in the DOS / Win 3.11 ages. Now it's pure garbage since Peter Norton hires only gay programmers.
Score: 0
|I was unaware that there was a correlation between being gay and having the ability (or not) to be a great programmer.
It's amazing what one can learn on this forum.
(sigh)
Score: 0
|Man, I wish this place gave mod-points ala slashdot. Posts like the one above could easily be buried.
Score: 0
|Well at least you lived up to your forum name. Point...Zero.
Score: 0
|LMAO!
Score: 0
|I am sure he meant "gay" the way it was used 10 years ago, aka, retarded, stupid, etc. But see that is where the problem is with using that term for anything: if one is gay, is he happy, retarded, OR homosexual? :-)
Funny how quickley the meaning of words can change...
Score: 0
|best part is that there's already a patch for this since May, yet most people don't apply the patch for it.
Heh, same goes to most Windows flaws.
Usually by the time it's on news, there's already a lot of patches, but no one seems to bother until their system gets infected by it.
Then they complain.
Score: 0
|haha! I love Symantec news like this! Love report'n it too!
Symantec = GARBAGE.
and now....
Symantec = GARBAGE even on platforms OTHER then Windows!
Score: 0
|You people still don't get it do you? It is the inherent flaws in WINDOWS that allow these things to be developed. It doesn't matter who develops the software being exploited, it is the fact WINDOWS has so many seams and holes in it.
Score: 0
|No, *you* don't get it. It's a flaw in Symantecs software, a stack overflow caused by an improper application of strncat , a common C library function.
http://research.eeye.com...blished/AD20060612.html
Try learning about the subject before criticizing others.
Score: 0
|No, no, no. Don't you know everything is Microsoft's fault? A commercial OS should not let third party developers make mistakes. In fact, it should code the programs for them.
/sarcasm
Score: 0
|Lol? And where these people live? Symantec is one of the biggest if not the biggest security company in the world. So hitting this one isn't that weird if you ask me...
Score: 0
|"Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time,"
take that microsft haters.
Score: 0
|I'm a symantec hater right here.
I hate symantec because their code is inherently insecure.
Score: 0
|yeah... and I "don't get it"
Score: 0
|so why don't you code an AV program if you're so smart.
Score: 0
|