quote:

Thomas Parsons, an IT specialist with Symantec (Charts), confirmed to CNNMoney.com that the most recent variants of RINBOT have targeted Symantec's anti-virus programs.

"We're not sure what the motivation is, but we are aware of a hacker that has been adding his own commands into the strain," Parsons said. Using those codes, Parsons said the hacker let it be known that he wasn't happy that Symantec was calling the virus RINBOT.

http://money.cnn.com/2007/03/01/news...ex.htm?cnn=yes

More Info HERE

This worm attempts to exploit a previously addressed vulnerability in Symantec Client Security and Symantec Antivirus, (SYM06-010; BID 18107); patches for the particular Symantec product vulnerability have been available since Thursday, May 25th, 2006. As a result, customers who have applied the patch in their environment are unaffected by the worm's attempt to leverage the Symantec vulnerability for an attack. Customers running Symantec Client Security or Symantec intrusion prevention (IPS) capable products are protected against all known and unknown exploits of Symantec Client Security and Symantec AntiVirus Elevation of Privilege (SYM06-010; BID 18107)via IPS signatures released on May 26th, 2006.
Symantec highly recommends that users of the affected products patch their systems as soon as they are able to help avoid the spread of this particular worm family. If systems are infected with W32.Rinbot.L and this security patch has not been applied please read the document, Attempting to migrate from 10.x to a newer version fails after becoming infected with a worm which exploits SYM06-010.
IPS signatures against all known and unknown exploits of the Symantec Client Security and Symantec AntiVirus Elevation of Privilege (SYM06-010; BID 18107) were released on May 26, 2006.