Symantec Corporate Software Under Attack
"Worm attacks an exploit in the Symantec's corporate antivirus tool. Read on to find out more..."
Published: 19th January 2007 | Source: ZDNET |19/01/07
Symantec first dismissed the threat, but worm attacks that exploit a known security hole in the company's corporate antivirus tool are proving to be persistent. The attacks target computers running older versions of Symantec Client Security and Symantec AntiVirus Corporate Edition. Compromised systems are turned into remotely controlled zombies by the attacker and used to relay spam and other nefarious activities. Symantec's Norton consumer software is not affected.
|"What we have been seeing in December and in the last week and a half is related to new variants of Spybot," Vincent Weafer, senior director of Symantec Security Response, said Tuesday. "We had a couple of versions of Spybot that went nowhere, but these ones found a way to propagate more effectively."|
The Spybot variants break into computers through a known security hole in the widely used Symantec antivirus tools. When installed on a PC, Spybot opens a back door in the system and connects to an Internet Relay Chat server to let the remote attacker control the compromised computer. Spybot first surfaced in 2003 and has spawned many offshoots.
The first version of Spybot to exploit the Symantec security hole surfaced in November. This was followed in December by another pest dubbed Sagevo, or Big Yellow. Symantec initially dismissed both threats, stating that their impact was minimal. A fix for the flaw has been available since May 25, but it appears not all users have applied the fix. Unlike Symantec's consumer products, the corporate antivirus software doesn't include automatic product updates.
Trying times for Symantec we're sure. Feel free to discuss this article in our forum