Corporate users of some Symantec antivirus product are facing persistent attacks that target a vulnerability that the security provider patched more than seven months ago.

The attacks are yet more proof that IT professionals, not just mom and pops running their first PC, are dangerously lax about installing crucial security patches. The exploits turn user PCs into zombies that spew spam and carry out nefarious acts, such as denial of service attacks. The attack targets unpatched versions of Symantec Client Security and Symantec AntiVirus Corporate Edition, according to CNET.

New variants of the worm that target the vulnerability surfaced in mid December and are proving more effective than previous ones, a senior director of Symantec said. Symantec had initially dismissed the flaw, saying it wasn't likely to be exploited, until the first version of the worm surfaced in November.

Unlike many Symantec updates, which are installed automatically, the fix for corporate antivirus software has to be downloaded on the company's website and manually installed. Symantec is re-evaluating this policy.

The company plans to push a definition to antivirus users that will allow the software to more precisely pinpoint the worm. ®

Related stories

Anatomy sheds new light on Storm Worm (9 February 2007)
http://www.theregister.co.uk/2007/02/09/storm_worm_anatomy/
Symantec plans $200m worth of cuts (25 January 2007)
http://www.theregister.co.uk/2007/01/25/symantec_results/
Spam on IP telephony (19 January 2007)
http://www.theregister.co.uk/2007/01/19/spam_on_ip_telephony/
Symantec plugs vulnerabilities in NetBackup (14 December 2006)
http://www.theregister.co.uk/2006/12/14/symantec_netbackup_vulns/
Symantec customers stranded by renewals glitch (4 December 2006)
http://www.theregister.co.uk/2006/12/04/symantec_glitch/
Bot spreads through anti-virus, Windows flaws (29 November 2006)
http://www.theregister.co.uk/2006/11/29/bot_antivirus_windows_flaws/
Symantec readies Backup Exec for Vista (2 November 2006)
http://www.channelregister.co.uk/2006/11/02/symantec_backup_exec11d/
Security firm punctures Vista's Patchguard (27 October 2006)
http://www.theregister.co.uk/2006/10/27/patchguard_row_analysis/
Norton smites ecclesiastical app (4 August 2006)
http://www.theregister.co.uk/2006/08/04/norton_unholy_false_alarm/
Symantec highlights Windows Vista user vulnerabilities (2 August 2006)
http://www.theregister.co.uk/2006/08/02/symantec_windows_vista_security/
Symantec: Vista probably 'less stable' than XP (19 July 2006)
http://www.theregister.co.uk/2006/07/19/vista_security_analysis/
Symantec turns off on security appliances (27 June 2006)
http://www.theregister.co.uk/2006/06/27/symantec_appliances/