Symantec’s Anti-Virus Software Has An Exploitable Hole
'eEye Digital Security', on December 15 2006, announced its discovery of "Big Yellow", a malware not related to Microsoft, that has both 'worm' and 'botnet' features and is now traversing in the wild using a popular anti-virus software of security vendor Symantec. eEye Digital leads in developing 'endpoint security and vulnerability management software programs' as well as is the security industry's most important contributor to 'security research and education'.
This popular anti-virus software of Symantec has a security hole dubbed as "Big Yellow". The exploit manipulates a component within the 'remote management interfaces' of both 'Symantec Anti-Virus' and 'Symantec Client Security'.
Marc Maiffrett, eEye's CTO, claims the 'Big Yellow' to be the first most automated threat. He said the worm appearing to be of Chinese origin has already attacked many systems all over the world. He added in the light of so many 'critical security vulnerabilities' within other desktop applications different from Microsoft, the release of this latest malware targeting non-Microsoft software was only sure to arrive.
Maiffrett continued by highlighting the need for IT administrators to be better equipped to fight against attacks from any direction. Current attacks increasingly aim at software produced by companies other that Microsoft.
According to Maiffrett, attacks on non-Microsoft applications would become commonplace in the future since information technology professionals are not aware of their existence.
Marc Maiffrett is convinced that 2007 will face a vulnerability explosion and exploits against security firms like Symantec and other non-Windows vendors like Apple. The 'non-Microsoft desktop applications', many of which IT professionals do not know even, are likely to become enterprises' biggest vulnerability point very soon.
» SPAMfighter News - 21-12-2006