You faithfully download all of the monthly patches that Microsoft issues on Patch Tuesday, plus you're running Symantec Antivirus and update it regularly. Think you're safe?
Symantec acknowledges two holes in antivirus products::
Free Windows XP tuneup: Put new life into an old workhorse Clearwire sees Portland WiMax rollout, venture with Sprint on target
http://www.computerworld.com/securitytopics/security/holes0739,00.html?source=x1545HOME |
If you're a corporate user, think again.
Security firm eEye Digital Security has posted a warning about the spread of a new virus affecting the Symantec Antivirus application. The kicker is that the virus is spreading through a known issue that Symantec fixed six months ago.
The virus, called "Big Yellow," exploits an issue in the remote management interfaces of Symantec AntiVirus Corporate Edition and Symantec Client Security. The affected program is the Rtvscan.exe application, which is not used in the consumer product.
Symantec squashes antivirus bug News - PC Advisor::
Symantec has patched a widely reported flaw in the English versions of its corporate antivirus First Direct back to old anti-Apple tricks. Grand
http://www.pcadvisor.co.uk/news/index.cfm?newsid=6276HOME |
Symantec posted a list of affected applications in May, but the fix was not pushed out via the Live Update service.
"We don't do product updates through Live Update because corporate enterprise administrators want complete control over what's being deployed in their environments," said Vincent Weafer, senior director of Symantec's Security Response group.
Changes to the executable are done in the consumer product, but not the corporate products, for the above reason. Product updates, changes to the executables, have to be manually downloaded and deployed, as internetnews.com was able to verify.
Marc Maiffret, founder and CTO of eEye, said too many companies don't think to patch their non-Microsoft products. eEye found the virus has infected more than 70,000 systems, which is incredible given the fix was issued in May.
"It's an older vulnerability, but nobody seems to have patched it. Most IT organizations are focused on Microsoft and Patch Tuesday and are not paying attention to non-Microsoft products," he told internetnews.com. "It really is an example of the lack of awareness of IT organizations to patch their third-party software as fast as they patch Microsoft software."
Weafer agreed with him. "The one thing we're all saying out there is the attackers are moving out of the core OS and into the application layer. That's the trend we're seeing over the last two years. Anything that's prolific on the desktop is something we're seeing increasingly focused on," he said.
Big Yellow is a combination of a worm (define) and a botnet (define). As soon as it enters a computer, it looks for others on the network to infect, and installs a back door to connect to an IRC (define) chat server, at which point people on the IRC server can run commands and do what they want with your machine.
So for now, corporate customers are encouraged to manually download the fixes, especially small businesses that don't have internal update systems, said Weafer.
 Technical Analysis: Traders Turn Cautious
 A Scandalous Year For Tech
| 
Old Exploit Targets Symantec Antivirus