[unisog] Worm exploiting Symantec client defect?????
t.eden at unsw.edu.au
Mon Nov 27 22:36:45 GMT 2006
Yep, we had an outbreak of this yesterday. Around 150 or so machines on
our campus started scanning the 188.8.131.52/8 netblock on 2967/tcp. We put
a block in place on our border stopping this traffic from entering or
leaving the campus and now local administrators are in the process of
cleaning up all of the infected machines. Some of them reported that the
machines infected were fully patched with windows updates, had the
latest SAV definitions but NOT the latest SAV binary so if possible roll
out the latest update to the SAV binary ASAP.
Gary Flynn wrote:
> Anyone know anything more about what SANS
> is reporting on this?
Senior Network Engineer
University of New South Wales IT Services (UNSWITS)
Office: (02) 9385 8015
Mobile: 0414 385 132
Email: t.eden at unsw.edu.au
More information about the unisog