Botworm targets Symantec security

A botworm is targeting Symantec’s widely used web security products on corporate networks.

A botworm is targeting Symantec’s widely used web security products on corporate networks.

The "Big Yellow" worm has been reported by web security researcher and software provider eEye, and affects a range of Symantec’s Antivirus and Client Security products.

The researcher said it had recently detected the new worm and that it is actively exploiting a remote Symantec vulnerability which was originally patched by Symantec this June.

Although the vulnerability had been exploited by some attackers last month, said eEye, Big Yellow was the first example of a worm leveraging this vulnerability for self-propagation.

To avoid being hit by the worm, businesses should make sure they have the latest versions of Symantec software installed, and block port tcp/2967 at the network gateway to minimise the attackable surface area, said eEye.

Symantec said it was aware of the problem but was not seeing widespread distribution of the worm, which seeks to take over networked computers and use them to spread the malware further.

Comment on this article:



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Antivirus, firewall and IDS products



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...