By Joris Evers
Staff Writer, CNET News.com
Published: November 29
An updated variant of a malicious bot program is spreading via a flaw in Symantec's antivirus software as well as through several holes in Microsoft code.
The program, called "Spybot.ACYR" by Symantec and "Sdbot.worm!811a7027" by McAfee, appears to be targeting educational institutions, according to a blog item posted by Symantec Tuesday. "We are seeing a spike in traffic on port 2967 with activity only in the .edu domain," the security company said. "The impact of the attack is minimal thus far."
This Spybot variant attempts to break into computers through a six-month-old vulnerability in Symantec Client Security and Symantec AntiVirus. A fix has been available since May 25. "Customers who have applied the patch in their environment are unaffected by the worm," Symantec said.