Dubbed "Spybot.ACYR" by Symantec and "Sdbot.worm!811a7027" by McAfee, the bot is attacking educational institutions.
News.com reported Symantec said the bot had created a spike in traffic on port 2967 in the .edu domain.
It claims that there has been only a small impact so far. The bot exploits a six month old hole in Symantec Client Security and Symantec AntiVirus. The security outfit patched the hole on May 25, and those who applied the patch have not been affected.
For the bot to work the victim needs to have forgotten to patch five flaws in Microsoft Windows, the most recent flaw was patched in August and affects Windows file and printer sharing.
If those patches have not been installed Spybot opens a back door in the system and connects to an Internet Relay Chat server to let the remote attacker control the compromised computer. µ
For all the firm's hits there have been plenty of misses
Oracle founder has almost literally all the money in the world. But what does he spend it on?
Built-in cigarette lighter? Yes please
Kaspersky warns against charging via PCs, Macs and public charging stations