||||
Symantec.com > Security Response > Threats and Risks > W32.Sagevo
PRINT THIS PAGE

W32.Sagevo

Risk Level 2: Low

Printer Friendly Page

Discovered: December 13, 2006
Updated: February 13, 2007 1:02:49 PM
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP



W32.Sagevo is a worm that spreads by exploiting the Symantec Client Security and Symantec AntiVirus Elevation of Privilege (as described in Symantec Advisory SYM06-010). The worm lowers security settings and may download other threats.

Notes:
  • This worm attempts to exploit a previously addressed vulnerability in Symantec Client Security and Symantec Antivirus, SYM06-010; patches for the particular Symantec product vulnerability have been available since Thursday, May 25th, 2006. As a result, customers who have applied the patch in their environment are unaffected by the worm's attempt to leverage the Symantec vulnerability for an attack. Customers running Symantec Client Security or Symantec intrusion prevention (IPS) capable products are protected against all known and unknown exploits of SYM06-010 via IPS signatures released on May 26th, 2006.
  • Symantec highly recommends that users of the affected products patch their systems as soon as they are able to help avoid the spread of this particular Sybot worm family. If systems are infected with W32.Sagevo and this security patch has not been applied please read the document, Attempting to migrate from 10.x to a newer version fails after becoming infected with a worm which exploits SYM06-010.
  • IPS signatures against all known and unknown exploits of SYM06-010 were released on May 26, 2006.
  • Excessive network traffic caused by an infection may result in a significant degradation of network performance.


Protection

  • Initial Rapid Release version December 14, 2006
  • Latest Rapid Release version December 14, 2006
  • Initial Daily Certified version December 14, 2006
  • Latest Daily Certified version January 25, 2008 revision 004
  • Initial Weekly Certified release date December 20, 2006

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Medium

Writeup By: Stephen Doherty
Search by name
Example: W32.Beagle.AG@mm
Learn more about Zero-Day / Operation Aurora / Hydraq
Symantec DeepSight Screensaver
©1995 - 2010 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS