Big Yellow worm is coming to get you….
A worm alert has been issued by Eeye Research. Dubbed Big Yellow the worm targets a vulnerability in the following Symantec products..Symantec AntiVirus 10.0.x for Windows (all versions)
Symantec AntiVirus 10.1.x for Windows (all versions)
Symantec Client Security 3.0.x for Windows (all versions)
Symantec Client Security 3.1.x for Windows (all versions)
| Quote: |
| Overview: The eEye Research honeypot network has recently detected a new worm that is actively exploiting a remote Symantec vulnerability originally discovered by eEye Research on May 24, 2006 and patched by Symantec on June 12, 2006. This vulnerability has been publicly exploited as early as November 30, but this is the first example of a worm leveraging this vulnerability for self-propagation. Generally, patch processes are not in place for non-Microsoft applications such as Symantec AntiVirus/Client Security, so many Symantec users may be at risk for this vulnerability throughout their networks. All enterprises running such software should assess their posture against this worm as soon as possible by validating that they have the latest version of Symantec AntiVirus/Client Security as well as blocking port tcp/2967 at the gateway to minimize attackable surface area. |
More on this interesting development along with an indepth analysis of the worm code can be found on the Eeye Research Site http://research.eeye.com/html/alerts/AL20061215.html
Eeye provide a free copy of Blink Personal Edition to home users…
BlinkĀ® Personal EditioneEye Digital Security’s BlinkĀ® Personal Edition combines intrusion prevention, application and network firewall, identity theft protection, and vulnerability assessment into a single, unified client security solution. With Blink, you are ensured both proactive and reactive protection against the broad methods of attack and compromise used by hackers to gain access to your system and personal data.
Keep Safe,
regards
Steo
rootkit