17 December 2006
Symantec Vulnerability Being Actively Exploited
A vulnerability in Symantec AntiVirus is being actively exploited. It was discovered in the end of May and patched by June 12. The first exploits were discovered around the end of November, but the current worm is spreading on a large scale and doesn't need help in spreading. The FTP server that the worm downloads files from was accessed 71513 times in the 24 hour period before 15 December.
Users can protect themselves by making sure their copy of the antivirus program is patched and that the TCP port 2967 is blocked.
A complete analysis of the worm can be found from eEye Research.
Users can protect themselves by making sure their copy of the antivirus program is patched and that the TCP port 2967 is blocked.
A complete analysis of the worm can be found from eEye Research.
Labels: antivirus, symantec, vulnerability
