'Big Yellow' Worm Hits Antivirus Program
Worm hits some systems using Norton Antivirus, even though company issued patch back in May.
A computer worm is attacking some business PCs through a flaw in antivirus software by Symantec Corp., a security company warned Friday. eEye Digital Security, based in Aliso Viejo, said the worm, dubbed "Big Yellow," began attacking some computer systems on Thursday _ seven months after eEye first discovered the flaw.
Symantec released a patch to address the flaw in May but it's up to its corporate customers to install it. Officials at the Cupertino-based security software company said Friday it had so far received three reports of systems affected by the worm.
"It is definitely a new worm, and it is looking for vulnerable systems, but we're not seeing any evidence of a significant outbreak or infection," said Vincent Weafer, a senior director at Symantec's security response unit.
Big Yellow enters machines through a security hole in the corporate version of Symantec's Norton Antivirus software. Once infected with the worm's "bot" program, a hacker can use it as a way to connect with other computers for malicious attacks.
eEye urged corporate information-technology departments to fix the flaw.