The 'Big Yellow' malware targets a flaw in the remote management interface for the Symantec AntiVirus and Symantec Client Security applications.
On infection, systems are recruited for a botnet and the worm starts using the system as a launch for further infections.
Symantec issued a patch for the flaw in May, but many enterprises failed to deploy the update.
Marc Maiffret, chief technology officer at EEye, suggested that many users do not perceive software flaws in non-Microsoft products as a serious threat because large scale attacks 'always' target Microsoft.
However, Maiffret expects that the Big Yellow worm is the first of many online threats that target non-Microsoft software.
"Given the rapid discovery of critical vulnerabilities within desktop applications other than Microsoft's, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time," he said.
_(23).jpg&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
_(28).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
