Tech Watch | InfoWorld Staff » Symantec flaw figures in botnet hit

November 28, 2006 | Comments: (0)

Symantec flaw figures in botnet hit

TAGS: Security

College and university networks around the world are being attacked by a fast moving malicious program that exploits a known hole in Symantec's corporate antivirus program, according to reports by Symantec and the Internet Storm Center.

Symantec says a new worm called W32.Spybot.ACYR spreads by taking advantage of a number of patched Microsoft vulnerabilities and a previously disclosed hole in Symantec's Client Security and Antivirus software. Symantec patched that hole back in May, but apparently some of its customers haven't applied that patch yet.

The botnet is hitting college and university networks primarily, with published reports citing infections as far away as Australia, and reports of infections at major universities in Arkansas, Texas, California and Minnesota in the U.S.

The program spreads using a built in FTP server dubbed "reptile" to spread and establishes a connection to an IRC command and control server once it has compromised a computer.

Symantec advised its customers to update their products to the latest available security updates and other software patches, and consider blocking Port 2967 at their firewall.

Posted by Paul Roberts on November 28, 2006 01:07 PM

RATE THIS ARTICLE: