News

Worm Attacking Symantec Flaw; Patch Available

A computer worm is attacking some business PCs through a flaw in antivirus software by Symantec Corp., a security company warned Friday.

EEye Digital Security, based in Aliso Viejo, Calif., said the worm, dubbed "Big Yellow," began attacking some computer systems on Thursday -- seven months after eEye first discovered the flaw.

Symantec released a patch to address the flaw in May, but it's up to its corporate customers to install it. Officials at the Cupertino, Calif.-based security software company said Friday it had so far received three reports of systems affected by the worm.

"It is definitely a new worm, and it is looking for vulnerable systems, but we're not seeing any evidence of a significant outbreak or infection," said Vincent Weafer, a senior director at Symantec's security response unit.

Big Yellow enters machines through a security hole in the corporate version of Symantec's antivirus software. Once infected with the worm's "bot" program, a hacker can use it as a way to connect with other computers for malicious attacks.

EEye urged corporate information-technology departments to fix the flaw.