Security researchers at eEye Digital Security have discovered a serious flaw in Symantec’s enterprise antivirus software that could be used by hackers to create a self-replicating “worm” attack against Symantec users.Because Symantec has not yet confirmed the existence of the problem, much less patched it, eEye is offering few details on the vulnerability, which was first disclosed late Wednesday.“This is definitely a wormable flaw,” said Mike Puterbaugh, eEye’s vice president of marketing. “It does allow you to take remote control of the system.”Similar to viruses, worms are able to spread from computer to computer, and past attacks such as 2003’s Blaster and Slammer worms were widespread. Symantec is evaluating eEye’s claims and “if necessary, will provide a prompt response and solution,” a Symantec spokesman said Thursday.EEye Chief Hacking Officer Marc Maiffret believes it will take Symantec a “month or two” to patch the problem. “The vulnerability is pretty straightforward for them to identify within their code,” he said. Version 10 and greater of Symantec’s enterprise antivirus software is affected by the flaw, but the company’s consumer products do not have the bug, Maiffret said.This is not the first flaw to be reported in Symantec’s security products, which have increasingly come under the scrutiny of hackers and security researchers over the past year. Last December, researcher Alex Wheeler discovered a flaw in Symantec’s Antivirus Library that could allow remote attackers to gain control of systems that used Symantec’s products.In October, a critical flaw was found in the company’s Scan Engine software.– Robert McMillan, IDG News ServiceKeep checking in at our CSO Security Feed page for updated news coverage. Related content news New Trojan ZenRAT masquerades as Bitwarden password manager A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities. By Lucian Constantin Sep 28, 2023 4 mins Cyberattacks Cyberattacks Cyberattacks news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Data and Information Security Security Practices news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe