Spread of Spybot.ACYR/Sdbot.worm!811a7027 illustrates lax patching

CNET News.com reported Thursday, that an updated version of a malicious bot program, called "Spybot.ACYR" by Symantec and "Sdbot.worm!811a7027" by McAfee, is spreading through educational institutions. The malware's resurgence was tied to Symantec's detection of "spike in traffic on port 2967 with activity only in the .edu domain." This variant exploits several known, and patched, vulnerabilities in Symantec Client Security and Symantec Antivirus and Windows.

I'm not sure what the IT departments are doing at the infected institutions, but they're obviously not patching their systems in a timely fashion.