December 18, 2006

Worm writers target security apps

A worm designed to break into corporate computers running Symantec Corp's security software and make them part of its botnet was released recently. Vulnerability researcher eEye Digital Security Inc warned that the worm, which it called Big Yellow, was on the loose, but Symantec played down its significance.

By CBR Staff Writer

The worm, which both companies referred to as a botworm, acts much like the Windows-targeted network worms of a few years back – it scans for vulnerable hosts on the internet, then attempts to exploit a known vulnerability.

Rather than going after the operating system like Blaster or Slammer, Big Yellow targets a known vulnerability in Symantec’s Client Security and AntiVirus products – its two key desktop security clients.

By exploiting the flaw, the worm is able to download a backdoor program and gain full control of the machine, adding it to the attacker’s existing network of botted PCs.

It targets a vulnerability for which a patch was released by Symantec back in May. However, Symantec does not deliver product updates automatically to corporate customers via its LiveUpdate service, as it does with its consumer base, so there were still some vulnerable machines out there last week.

Vincent Weafer, director of Symantec security response, said that the company had received a handful of calls about incidents, including some from about a dozen educational institutions, which tend to have more complex and not as well-managed networks, but that the outbreak was not severe.

This was not a significant event, he said, pointing out that even on an unpatched system, the exploit or backdoor could still be caught by the host intrusion prevention or antivirus features of the Symantec software respectively.

The incident does illustrate two interesting trends in malware, however. First, worms targeting applications rather than operating systems are on the increase. This clearly means there are fewer targets for the worms to attack, which not coincidentally illustrates the second trend – malware writers are no longer going for large Blaster-style damaging attacks.


They’re now going for a more softly-softly approach, where they can sneak their malware in under the radar and compromise as many machines as possible before detection and removal tools are created. Controlling a large botnet can translate directly into big money, either through spam, blackmail or advertising click-fraud.
