iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Bot Attacks Old Symantec Flaw
Search:
[ insider_reports_insider ]

Bot Attacks Old Symantec Flaw



David Utter
Staff Writer
2006-11-29

SecurityProNews: Insider Reports Insider Reports RSS Feed


An issue with Symantec Client Security and its Antivirus Corporate Edition had to be fixed after a bot program began exploiting it at universities.

Whats really going on in there...
"Whats really going on in there..."


The bot program, dubbed W32.Spybot.ACYR by Symantec, can also exploit five recently patched vulnerabilities in Microsoft Windows. The SecurityFocus website reported that while the bot could creep past Symantec's products, the company's consumer AV software sold under the Norton name did not contain the same flaw.

Symantec has since updated its signatures to identify the bot when it attempts to exploit the six-month-old flaw, according to SecurityFocus editor Robert Lemos.

The bot may have compromised over a thousand systems, based on assessments of network traffic recorded by SANS Internet Storm Center and Indiana University's REN-ISAC project. The bot attempted to hit port 2967 to exploit the Symantec flaw.

Its spread affected systems at the University of New South Wales in Australia, and the University of Arkansas. The report cited a security analyst from the University of Arkansas in explaining why these threats are a bigger problem for colleges:

As university environments are very decentralized, group policies and other mechanisms used to keep software up-to-date and well managed, may or may not exist. So one department may have completed the upgrades, when the office next door is still using a much older version.
That decentralization has been largely eliminated in the corporate sector, where IT departments tend to try and unify as much software management as possible due to the greater number of systems they must manage.

The Symantec flaw must be especially galling to those larger customers who implemented it for this purpose. However, an upgrade has been available for several months, so any manager who has been lax in implementing the update could be in for a rough morning in a superior's office.

---
Tag:

Add to Del.icio.us | Digg | Reddit | Furl

Get all the updates -




About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds