Big Yellow Worm

Message

#1 Post by **GomJabbar** » Fri Dec 15, 2006 11:25 pm

Worm hits computers via antivirus program

Associated Press wrote:A computer worm is attacking some business PCs through a flaw in antivirus software by Symantec Corp., a security company warned Friday.

EEye Digital Security, based in Aliso Viejo, said the worm, dubbed "Big Yellow," began attacking some computer systems on Thursday - seven months after eEye first discovered the flaw.

JHEM · #2 Post by **JHEM** » Sat Dec 16, 2006 12:27 am

My eldest daughter's employer's mainframes have been infected and down all day Dave.

She's here visiting with our grandson and had hoped to have a "home office" day. But all attempts to login to her company's servers via her VPN proved fruitless.

Quite a problem for them.

James

#3 Post by **GomJabbar** » Sat Dec 16, 2006 12:45 am

Kind of amazing isn't it. Seven months after the flaw is discovered, and a patch released, corporate clients are being infected. I would imagine some IT's heads are going to roll over this.

It's not so different where I work. The local desktop for the Captain's use is not kept up to date with all the security patches. I've gone there to help them with a problem and on reboot find out the AV signatures are over 30 days old. Company policy is to update AV signatures once a week via the internet, but that doesn't always happen. FTR, our company also uses Symantec Corporate.

Sorry to hear about the problem affecting your daughter's visit.

NS · #4 Post by NS » Sat Dec 16, 2006 2:32 am

GomJabbar wrote:Kind of amazing isn't it. Seven months after the flaw is discovered, and a patch released, corporate clients are being infected. I would imagine some IT's heads are going to roll over this.

It's not so different where I work. The local desktop for the Captain's use is not kept up to date with all the security patches. I've gone there to help them with a problem and on reboot find out the AV signatures are over 30 days old. Company policy is to update AV signatures once a week via the internet, but that doesn't always happen. FTR, our company also uses Symantec Corporate.

Sorry to hear about the problem affecting your daughter's visit.

Can turn on the automatic update right?

#5 Post by **GomJabbar** » Sat Dec 16, 2006 2:46 am

NS wrote:Can turn on the automatic update right?

I suppose, but the internet connection being used is the company Nextel cell phone with an iDen connection. Very slow. Hence automatic updates are not used.

Yeah, it's time they get out of the dark ages and get an EV-DO or HSDPA data connection on a dedicated line.

dsigma6 · #6 Post by **dsigma6** » Sat Dec 16, 2006 10:40 pm

JHEM wrote:She's here visiting with our grandson

And here I thought you were a 30-something.

...Glad to be using Comodo and AVG!

JHEM · #7 Post by **JHEM** » Sun Dec 17, 2006 8:34 am

dsigma6 wrote:And here I thought you were a 30-something.

Only mentally Dan, and only when my meds kick in!

James

#8 Post by **GomJabbar** » Tue Dec 19, 2006 6:41 pm

A little more info on this threat that I received in an email advertisement from PC Magazine...

Note that these products are related to, but are not the same as, Norton Internet Security and Norton AntiVirus. There are no reports that the Norton products are affected.

eEye states that "...processes for keeping current on software patches are not in place for non-Microsoft applications such as Symantec AntiVirus/Client Security; therefore, many Symantec users may be at risk for this vulnerability. "

Don't fall into this trap yourself. Note that consumer products like Norton Antivirus may be set up to update virus signatures automatically, but they are not necessarily set up to update the antivirus software automatically. Therefore, vulnerabilities in the security software itself could go unnoticed for long periods of time. The answer is to run the LiveUpdate program on Norton products periodically.

Security Watch: Big Yellow Worm Bites Symantec

NS · #9 Post by NS » Wed Dec 20, 2006 1:58 am

Avast anti-virus have this automatic update function. Everytime, i connected my thinkpad to the internet, 5 minutes later, 1 blue box appear and a guy will say: virus database has been updated.

dsigma6 · #10 Post by **dsigma6** » Wed Dec 20, 2006 8:23 am

NS wrote:Avast anti-virus have this automatic update function. Everytime, i connected my thinkpad to the internet, 5 minutes later, 1 blue box appear and a guy will say: virus database has been updated.

Oh yea? Well AVG does it the second your computer boots into XP, pushing aside the startup time and frustrating you with popups!

christopher_wolf · #11 Post by **christopher_wolf** » Wed Dec 20, 2006 5:24 pm

dsigma6 wrote:
NS wrote:Avast anti-virus have this automatic update function. Everytime, i connected my thinkpad to the internet, 5 minutes later, 1 blue box appear and a guy will say: virus database has been updated.
Oh yea? Well AVG does it the second your computer boots into XP, pushing aside the startup time and frustrating you with popups!

That is a setting, but by default I haven't seen AVG Pro do that. It only appears to note that when it detects it's definitions are out of date very periodic checks with Grisoft...usually.

NS · #12 Post by NS » Thu Dec 21, 2006 12:19 am

@Christopher_wolf,

Thanks for helping to explain more about AVG automatic update.

@dsigma6,

Avast antivirus update the database automatically by default and do NOT need me to click on any of the update links.

BTW: The reason why i chose Avast is because it is FREE!

Sorry for being a cheapskate.

Big Yellow Worm

Big Yellow Worm

Who is online