Symantec first dismissed the threat, but worm attacks that exploit a known security hole in the company's corporate antivirus tool are proving to be persistent.
The attacks target computers running older versions of Symantec Client Security and Symantec AntiVirus Corporate Edition. Compromised systems are turned into remotely controlled zombies by the attacker and used to relay spam and other nefarious activities. Symantec's Norton consumer software is not affected.
"What we have been seeing in December and in the last week and a half is related to new variants of Spybot," Vincent Weafer, senior director of Symantec Security Response, said Tuesday. "We had a couple of versions of Spybot that went nowhere, but these ones found a way to propagate more effectively."
The Spybot variants break into computers through a known security hole in the widely used Symantec antivirus tools. When installed on a PC, Spybot opens a back door in the system and connects to an Internet Relay Chat server to let the remote attacker control the compromised computer. Spybot first surfaced in 2003 and has spawned many offshoots.
The first version of Spybot to exploit the Symantec security hole surfaced in November. This was followed in December by another pest dubbed Sagevo, or Big Yellow. Symantec initially dismissed both threats, stating that their impact was minimal. While Sagevo fizzled, Spybot is causing harm, Weafer said.
"We're definitely seeing Spybot out there and seeing that it is being trapped in customer environments," he said. The attacks have been escalating since December 20, when Symantec and its customers first saw increased activity on TCP port 2967, the network port used by the vulnerable software.
--more--
*ZDNet
No comments:
Post a Comment