Wednesday, May 17, 2006

Symantec Warns Of Bot Sniffing For Veritas Vulnerability

Gregg Keizer writes on TechWeb News:

A bot is aggressively sniffing for systems equipped with unpatched Veritas software, Symantec warned Wednesday. It urged users to update the backup program, or failing that, take other safety measures.

A surge in scans of TCP port 6101, which is associated with Veritas Backup Exec, was first detected by Symantec's DeepSight network earlier this week. By Wednesday, the Cupertino, Calif. security company had finished its analysis.

"The bot appears to contain propagation functionality that targets numerous [Windows] exploits including LSASS, Workstation, DOCM, ASN1, network share access, and SQL injection," Symantec said in an alert to DeepSight customers. "It is likely that the bot, upon compromising a system using any of these mechanisms, will join the [IRC] channel and begin scanning over TCP port 6101 [for additional systems]."

More here.

posted by Fergie @ 5/17/2006 12:51:00 PM

0 Comments:

Post a Comment

<< Home