Rinbot worm targets Symantec security applications

Rinbot worm targets Symantec security applications

The Rinbot worm also known as the Delbot worm is making news in the media. The worm attacked the computer network at the media company Turner Broadcasting System.

The worm has been designed to take advantages of the flaw in the Symantec client security. It also targets the Microsoft’s Windows Server Service remote buffer overflow vulnerability and Microsoft’s SQL Server user authentication remote buffer overflow vulnerability.

Paul Moriarty, director of Internet content security at Trend Micro added that these three issues have already been resolved by the developers and networks which are not up-to-date are the ones which are being affected.

Graham Cluley, a senior technology consultant with Sophos added: “There’s no evidence of a big attack here. It does look for vulnerabilities in other software, but the Symantec exploit is particularly notable. Symantec has put so much effort looking into the security of Microsoft Vista, while hackers have been going after Symantec.”

Symantec added in a statement: “Symantec Security Response is aware of the W32.Rinbot.L worm which spreads to network shares protected by weak passwords. This particular variant of the W32.Rinbot virus exploited an old vulnerability in Microsoft software (MS06-040) and Symantec AntiVirus. Symantec’s Norton product line is not affected. In order to close off the vulnerability itself, a patch was made available to customers in May 2006. Customers who have followed intelligent patching practices should not be affected by the new variant.”

Market analysts believe that it seems to be an instance where malicious code writers are targeting the market’s most popular antivirus developer.