Spread of Spybot.ACYR/Sdbot.worm!811a7027 illustrates lax patching

CNET reported Thursday that an updated version of a malicious bot program, called "Spybot.ACYR" by Symantec and "Sdbot.worm!811a7027" by McAfee, is spreading through educational institutions. The malware's resurgence was tied to Symantec's detection of a "spike in traffic on port 2967 with activity only in the .edu domain." This variant exploits several known vulnerabilities, all of which have already been patched, in Symantec Client Security, Symantec Antivirus, and Windows.

I'm not sure what the IT departments are doing at the infected institutions, but they're obviously not patching their systems in a timely fashion.


About Bill Detwiler

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...
