Big Yellow Worm

No, I’m not talking about SpongeBob’s prodigous reproductive organ. Im talking about Symantec’s weak security which spawned an agressive worm which may have infected as many as 600k hosts before the payload site was shut down.

From Net-security.org here:

Big Yellow a non-Microsoft Internet worm/botnet propagating via Symantec anti-virus software

eEye Digital Security announced that it has discovered Big Yellow, a significant, non-Microsoft-based malware that has both worm and botnet characteristics and is currently propagating in the wild using Symantec s popular anti-virus software. Big Yellow exploits a vulnerability in the remote management interface for versions of Symantec AntiVirus and Symantec Client Security, which could be remotely exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system, thus giving the attacker complete control.

Worm food that has to rely on specific hosts to supply the malware download have a very limited shelf-life. All ISP’s, even those in Korea and China have a stake in shutting down hosts that serve up malware downloads. As such, this threat will not be as large had this been a P2P worm.