eEye Discovers Worm/Botnet

EEye Digital Security has discovered Big Yellow, a non-Microsoft-based malware that has both worm and botnet characteristics

ALISO VIEJO, Calif. -- eEye Digital Security, the leading developer of endpoint security and vulnerability management software solutions, as well as the industry's foremost contributor to security research and education, today announced that it has discovered Big Yellow, a significant, non-Microsoft-based malware that has both worm and botnet characteristics and is currently propagating in the wild by exploiting Symantec's widely deployed anti-virus software. Big Yellow exploits a vulnerability in the remote management interface of affected versions of Symantec AntiVirus and Symantec Client Security. The flaw can be exploited remotely by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges on an affected host, giving the attacker complete control of the machine.

Many IT departments are not prepared for attacks on non-Microsoft-based applications and have not yet deployed the patch Symantec has made available for this widely deployed anti-virus software. As a result, this new class of malware presents a very potent problem for the enterprise. eEye discovered this vulnerability in late May 2006 and worked with Symantec to create a patch at that time. However, many IT departments have still not deployed that patch, because until now they have not considered their desktop security applications to be a point of vulnerability. Enterprises that have already deployed Blink Professional, eEye's award-winning endpoint security software, are already protected against the new malware eEye has named Big Yellow.

"Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time," said Marc Maiffret, eEye's founder and CTO. "IT urgently needs to understand that the new vector for attack will not come from Microsoft, but from the myriad applications that are scattered throughout its network. From anti-virus to iTunes, these non-Microsoft desktop applications, many of which IT is not even aware of, will become the enterprise's biggest point of vulnerability very, very quickly. We strongly recommend IT take two steps immediately. First, enterprises need to implement a vulnerability management program that includes more than just Microsoft applications. Second, enterprise IT should implement a comprehensive, integrated endpoint security product that delivers proactive protection from unknown and known threats."
