CNET News.com reported Thursday, that an updated version of a malicious bot program, called "Spybot.ACYR" by Symantec and "Sdbot.worm!811a7027" by McAfee, is spreading through educational institutions. The malware's resurgence was tied to Symantec's detection of "spike in traffic on port 2967 with activity only in the .edu domain." This variant exploits several known, and patched, vulnerabilities in Symantec Client Security and Symantec Antivirus and Windows.
I'm not sure what the IT departments are doing at the infected institutions, but they're obviously not patching their systems in a timely fashion.
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.