Wednesday, 29 November 2006
Symantec Flags W32.Spybot.ACYR Worm |
| |
|
| |
Symantec has said that a worm called W32.Spybot.ACYR is spreading by taking advantage of a number of patched Microsoft vulnerabilities and a previously disclosed hole in Symantec's Client Security and Antivirus software. Symantec patched that hole back in May, but apparently some of its customers haven't applied that patch yet.
The botnet is hitting college and university networks primarily, with published reports citing infections in Australia, and reports of infections at universities in Arkansas, Texas, California and Minnesota in the US.
The program spreads using a built in FTP server dubbed 'reptile' to spread and establishes a connection to an IRC command and control server once it has compromised a computer.
Symantec advised its customers to update their products to the latest available security updates and other software patches, and consider blocking Port 2967 at their firewall.
|
| |
|
|
| |
|
|
| |
|
|
| |
|
