Worm spotted targeting 6-month-old vulnerability in AV products.
An alert has been issued by eEye Digital Security researchers for a new worm, which they have called ‘Big Yellow’, exploiting a vulnerability in Symantec products detected and patched six months ago.
The worm, which Symantec is calling W32.Sagevo, targets a flaw in the remote management interface of Symantec Antivirus and Symantec Client Security products for Windows to gain escalated privileges for spreading, as well as attempting to download a backdoor trojan.
The flaw was patched by Symantec in June, a few weeks after its discovery. Symantec noted the existence of exploit code two weeks ago, and still rates the risk as ‘low’, with only a handful of reports of users affected by the worm. However, SANS among others has reported increased activity targeting the port used by the worm, and anyone still running Symantec products not updated since June is advised to apply the patch.
Symantec’s announcement of the flaw is here, and eEye’s alert on the worm is here.
Posted on 18 December 2006 by Virus Bulletin