Educause Security Discussion mailing list archives
symantec targetting worm
From: robin <mstubbs () FACSTAFF WISC EDU>
Date: Thu, 28 Dec 2006 17:51:00 -0600
Some subnets here are having a bit of trouble with a worm that in particular seems to be going for tcp port 2967 which we would guess is aiming for the SAVCE managed client port. In some cases the worm or worms also goes for tcp port 139,445 and/or 5900. Anyone seeing this and have some advice? Have worms been id'd other than these at other edu's? http://www.symantec.com/enterprise/security_response/weblog/2006/11/spybot_attempts_to_exploit_old.html http://www.symantec.com/security_response/writeup.jsp?docid=2006-121309-3331-99 http://smallbiz.symantec.com/security_response/writeup.jsp?docid=2006-122314-5625-99&tabid=2 There was quite a spike in scanning in recent times: http://isc.sans.org/port_details.php?port=2967 Speaking of possible sym06-010 exploites, here is a nice chart about upgrading it: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006052609181248?OpenDocument&src=ent_hot&dtype=corp&seg=ent&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=10.1&tpre=
Current thread:
- symantec targetting worm robin (Dec 28)
- <Possible follow-ups>
- Re: symantec targetting worm David Gillett (Dec 28)
- Re: symantec targetting worm Mike Iglesias (Dec 29)