Malware Exploits Anti-Virus Software Hole

Security firm eEye Digital Security said Friday it had discovered a new non-Microsoft based malware that has both the characteristics of a worm and a botnet spreading the wild. However, it uses a flaw in a program meant to protect users from such issues to propagate itself.

The flaw is within Symantec's popular anti-virus software. Calling it "Big Yellow," the exploit takes advantage of an issue within the remote management interfaces of both Symantec AntiVirus and Symantec Client Security.

The worm was first discovered late Thursday by researchers on the firm's "Honey Pot" network, a system specifically designed to identify new attacks. More information on the issue can be found at the eEye website.

The problem could be exploited by an anonymous attacker, which, by executing arbitrary code could take complete control of an affected system.

A patch for the issue has been available since May of this year. However, eEye claims that many IT departments and home users have not applied this important patch, putting them at risk for attack.

"Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time," said Marc Maiffret, eEye's founder and CTO.

Maiffret continued by saying that IT administrators have to be better prepared to fight against attacks from any vector. An increasing number of attacks are being aimed at programs other than those produced by Microsoft.

eEye recommends taking two steps immediately, "First, enterprises need to implement a vulnerability management program that includes more than just Microsoft applications."

"Second," Maiffret added, "Enterprise IT should implement a comprehensive, integrated endpoint security product that delivers proactive protection from unknown and known threats."