Spread of Spybot.ACYR/Sdbot.worm!811a7027 illustrates lax patching

CNET News.com reported Thursday that an updated version of a malicious bot program, called "Spybot.ACYR" by Symantec and "Sdbot.worm!811a7027" by McAfee, is spreading through educational institutions. The malware's resurgence was tied to Symantec's detection of a "spike in traffic on port 2967 with activity only in the .edu domain." This variant exploits several known, and patched, vulnerabilities in Symantec Client Security, Symantec Antivirus, and Windows.

I'm not sure what the IT departments are doing at the infected institutions, but they're obviously not patching their systems in a timely fashion.


By Bill Detwiler
