Worms own Symantec users
Print storyPunishes sys admins too lazy to apply patch
Posted in Anti-Virus, 17th January 2007 00:12 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Corporate users of some Symantec antivirus product are facing persistent attacks that target a vulnerability that the security provider patched more than seven months ago.
The attacks are yet more proof that IT professionals, not just mom and pops running their first PC, are dangerously lax about installing crucial security patches. The exploits turn user PCs into zombies that spew spam and carry out nefarious acts, such as denial of service attacks. The attack targets unpatched versions of Symantec Client Security and Symantec AntiVirus Corporate Edition, according to CNET.
New variants of the worm that target the vulnerability surfaced in mid December and are proving more effective than previous ones, a senior director of Symantec said. Symantec had initially dismissed the flaw, saying it wasn't likely to be exploited, until the first version of the worm surfaced in November.
Unlike many Symantec updates, which are installed automatically, the fix for corporate antivirus software has to be downloaded on the company's website and manually installed. Symantec is re-evaluating this policy.
The company plans to push a definition to antivirus users that will allow the software to more precisely pinpoint the worm. ®
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive