“Big Yellow” – a non-Microsoft Internet worm/botnet propagating via Symantec anti-virus software
eEye Digital Security announced that it has discovered Big Yellow, a significant, non-Microsoft-based malware that has both worm and botnet characteristics and is currently propagating in the wild through Symantec’s popular anti-virus software. Big Yellow exploits a vulnerability in the remote management interface of versions of Symantec AntiVirus and Symantec Client Security. The flaw can be exploited remotely by an anonymous attacker to execute arbitrary code with SYSTEM privileges on an affected system, giving the attacker complete control of it.
Many IT departments are not prepared for attacks on non-Microsoft-based applications and have not yet deployed the patch available for this widely deployed anti-virus software. As a result, this new class of malware presents a very potent problem for the enterprise. eEye discovered this vulnerability in late May 2006 and worked with Symantec to create a patch at that time. Even so, many IT departments have still not deployed it, because until now they have not considered their desktop security applications to be a point of vulnerability.