The Inquirer-Home
Software

Zombie attacks through Windows, antivirus flaws

Symantec and Microsoft combination risk
By Nick Farrell
Fri Dec 01 2006, 08:01
A BOT program which exploits holes in Symantec's antivirus software and Microsoft Voleware has been seen in the wild.

Dubbed "Spybot.ACYR" by Symantec and "Sdbot.worm!811a7027" by McAfee, the bot is attacking educational institutions.

News.com reported Symantec said the bot had created a spike in traffic on port 2967 in the .edu domain.

It claims that there has been only a small impact so far. The bot exploits a six month old hole in Symantec Client Security and Symantec AntiVirus. The security outfit patched the hole on May 25, and those who applied the patch have not been affected.

For the bot to work the victim needs to have forgotten to patch five flaws in Microsoft Windows, the most recent flaw was patched in August and affects Windows file and printer sharing.

If those patches have not been installed Spybot opens a back door in the system and connects to an Internet Relay Chat server to let the remote attacker control the compromised computer. µ

L'INQ
News.com

Share this:

< Previous article| Next article >
blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage
Advertisement
INQ Jobs
INQ Poll

App messaging overtakes texting for the first time

What do you use most frequently for messaging?

View other polls
Follow us:
Business & Technology websites:
Business research resources:
Products:
Investment Market IT websites:
Find out what you are worth:
Search for a job:
Recruitment Agency A-Z Directory
Accreditations: