eEye Discovers "Big Yellow" - Symantec Internet Worm/Botnet

Leading enterprise security vendor notes "Big Yellow" as first of many attacks focused on desktop applications other than Microsoft

Award-winning Blink® Professional endpoint security software already protects enterprise customers

(ALISO VIEJO, CA) December 15, 2006 — eEye Digital Security®, a leading developer of network security and vulnerability management software solutions, as well as the industry's foremost contributor to security research and education, today announced that it has discovered Big Yellow, a significant, non-Microsoft-based malware that has both worm and botnet characteristics and is currently propagating in the wild using Symantec's popular anti-virus software. Big Yellow exploits a vulnerability in the remote management interface for versions of Symantec AntiVirus and Symantec Client Security, which could be remotely exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system, thus giving the attacker complete control.

Many IT departments are not prepared for attacks on non-Microsoft-based applications and have not yet deployed the patch available for this widely deployed anti-virus software (available here: http://www.symantec.com/avcenter/security/Content/2006.05.25.html).

As a result, this new class of malware presents a very potent problem for the enterprise. eEye discovered this vulnerability in late May 2006 and worked with Symantec to create a patch at that time. However, many IT departments have not yet deployed this patch, as heretofore they have not considered their desktop security applications as a point of vulnerability. Those enterprises that have already deployed Blink Professional, eEye's award-winning endpoint security software, are already protected against this new form of malware eEye has named Big Yellow.

"Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time," said Marc Maiffret, eEye's founder and CTO. "IT urgently needs to understand that the new vector for attack will not come from Microsoft, but from the myriad applications that are scattered throughout its network. From anti-virus to iTunes, these non-Microsoft desktop applications, many of which IT is not even aware of, will become the enterprise’s biggest point of vulnerability very, very quickly. We strongly recommend IT take two steps immediately. First, enterprises need to implement a vulnerability management program that includes more than just Microsoft applications. Second, enterprise IT should implement a comprehensive, integrated endpoint security product that delivers proactive protection from unknown and known threats."

eEye’s world-class research team, which was also responsible for discovering Code Red, the world’s first major Microsoft-based worm, discovered the Big Yellow malware late on December 14 on its “honey pot” network – a network designed specifically to identify new classes of attack. Additional details on this new worm can be found here: http://research.eeye.com/html/alerts/AL20061215.html

Blink Professional, the industry's first Unified Security Client, sets a new bar in comprehensive, integrated endpoint security for the enterprise. In addition to the industry's strongest Host-based Intrusion Prevention System (HIPS), Blink consolidates multiple security functions onto a single, centrally managed agent. Blink is the first to deliver all of the system-based client security functions on a single agent, including HIPS, application and system-level firewalls, anti-phishing, anti-spyware, sophisticated control over removable storage, application execution control, dynamic policy control, a local Retina® vulnerability assessment scanner and, very soon, an anti-virus and anti-malware component as well.

Deployed as a software agent on a Windows-based server, desktop PC or laptop, Blink Professional leverages multiple layers of protection—more so than any other endpoint security product—to shield individual digital assets from attacks and keep systems up and running. Blink Professional not only delivers the industry’s most comprehensive endpoint security for the attacks that are affecting users today, it unifies this functionality in order to reduce the memory and computing resources necessary to support the agent. Blink Professional also serves as a platform to which future security functionality can be added, effectively making it the last security agent that IT has to install and manage. Just as importantly, Blink can be deployed and managed from a central location, making it ideal for distributed network environments.

For those interested in protecting their networks with Blink Professional, more information, including a demonstration and a free product trial, is available for download on eEye's Website: http://www.eeye.com/html/products/blink/index.html

Consumers who are interested in protection from Big Yellow can also receive a copy of Blink Personal, eEye’s free version of its endpoint security product for personal users, which is available for download on eEye's Website: http://www.eeye.com/html/products/blink/personal/index.html

About eEye's Security Research Team
Over the last five years, eEye has been recognized by industry experts as the preeminent organization in the discovery of the most critical vulnerabilities in various platforms and applications, including the vulnerabilities subsequently leveraged by the Sasser, Witty and Code Red worms, as well as the Microsoft ASN vulnerability and hundreds of other important discoveries. This expertise gives eEye a distinct advantage in designing services and software solutions for the assessment, remediation and prevention of vulnerabilities and the attacks that leverage them.

eEye's integrated family of vulnerability management solutions helps IT and security professionals confidently safeguard their valuable digital assets. eEye's products include Blink® Professional, Retina® Network Security Scanner, REM® Security Management Console, Iris® Network Traffic Analyzer and SecureIIS Web Server Protection.



About eEye Digital Security

eEye Digital Security is the global leader in a new class of security solutions: comprehensive vulnerability management and zero-day endpoint security protection. eEye enables secure computing through world-renowned research and innovative technology, supplying the world's largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye's research team is consistently the first to identify new threats in the wild and our products leverage that research to deliver the insights and tools necessary to protect our customers' operating environments. For more information, please visit http://www.eeye.com

Primary Press Contact

Victor Cruz
MediaPR
(401) 349-3369 vcruz@mediapr.net

EMEA Press Contact

Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de