Symantec Flags W32.Spybot.ACYR Worm
Symantec has said that a worm called W32.Spybot.ACYR is spreading by taking advantage of a number of patched Microsoft vulnerabilities and a previously disclosed hole in Symantec’s Client Security and Antivirus software. Symantec patched that hole back in May, but apparently some of its customers haven’t applied that patch yet.
The botnet is primarily hitting college and university networks, with published reports citing infections in Australia and at universities in Arkansas, Texas, California and Minnesota in the US.
The program spreads using a built-in FTP server dubbed ‘reptile’ and establishes a connection to an IRC command-and-control server once it has compromised a computer.
Symantec advised its customers to bring their products up to date with the latest available security updates, apply other software patches, and consider blocking port 2967 at their firewall.

