W32/Sagevo Worm Exploits Symantec Anti-Virus Package
Users of Symantec Client Security and Symantec Antivirus Corporate 10 should update their software as described in http://securityresponse.symantec.com/avcenter/security/Content/2006.05.25.html (dated May 25,2006). The Norton Antivirus product line and earlier versions of Symantec Antivirus Corporate are not affected.
Symantec Antivirus users can detect and remove the worm with the Daily LiveUpdate or Intelligent Updater from December 14, 2006 or with the Weekly LiveUpdate from December 20, 2006. For more information, see http://www.symantec.com/security_response/writeup.jsp?docid=2006-121309-3331-99&tabid=1.
Machines using McAfee VirusScan are not vulnerable to this exploit; however, VirusScan can detect and remove the worm with the 4922 DAT files, released December 19, 2006. For more information, see http://vil.nai.com/vil/content/v_141124.htm.