[unisog] Worm exploiting Symantec client defect?????

Tim Eden t.eden at unsw.edu.au
Mon Nov 27 22:36:45 GMT 2006


Hi Gary,

Yep, we had an outbreak of this yesterday. Around 150 or so machines on 
our campus started scanning the 128.0.0.0/8 netblock on 2967/tcp. We put 
a block in place on our border stopping this traffic from entering or 
leaving the campus and now local administrators are in the process of 
cleaning up all of the infected machines. Some of them reported that the 
machines infected were fully patched with Windows updates, had the 
latest SAV definitions but NOT the latest SAV binary, so if possible roll 
out the latest update to the SAV binary ASAP.

Regards,

Tim

Gary Flynn wrote:
> Anyone know anything more about what SANS
> is reporting on this?
>
> http://isc.sans.org//index.php
>
>
>   

-- 
========================================================

  Tim Eden 
  
  Senior Network Engineer
  University of New South Wales IT Services (UNSWITS)
  
  Office:  (02) 9385 8015
  Mobile:  0414 385 132
  Email:   t.eden at unsw.edu.au

========================================================
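
Added example, not part of the original message: one way to find, in flow records, the behaviour the message describes (campus hosts contacting many distinct outside addresses on 2967/tcp). The record format, the campus prefix 10.20.0.0/16, the threshold and all sample flows are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SAV_PORT = 2967                                     # tcp port named in the message
SCANNED_NET = ipaddress.ip_network("128.0.0.0/8")   # netblock named in the message
CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")   # assumed placeholder campus prefix

def parse_flow(line):
    """Parse 'src dst proto dport' (constructed format); return None on junk."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]))
    except ValueError:
        return None

def find_scanners(lines, min_targets=20):
    """Return {campus_src: (distinct_targets, targets_in_SCANNED_NET)} for campus
    hosts that contacted at least min_targets distinct off-campus addresses on
    SAV_PORT/tcp. Traffic to on-campus servers on that port is ignored."""
    targets = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, dport = flow
        if proto != "tcp" or dport != SAV_PORT:
            continue
        if src in CAMPUS_NET and dst not in CAMPUS_NET:
            targets[src].add(dst)
    return {str(src): (len(dsts), sum(d in SCANNED_NET for d in dsts))
            for src, dsts in targets.items() if len(dsts) >= min_targets}

def sample_flows():
    """Constructed sample: one scanning host, one normal client, some noise."""
    flows = [f"10.20.5.17 128.{i}.{i % 7}.{i + 1} tcp 2967" for i in range(40)]
    flows += ["10.20.9.2 10.20.1.10 tcp 2967"] * 30    # client to on-campus server
    flows += ["10.20.7.7 128.3.4.5 tcp 2967", "10.20.7.7 192.0.2.10 tcp 443"]
    flows += ["garbage line", "10.20.5.17 128.1.1.2 udp 2967"]
    return flows

if __name__ == "__main__":
    for host, (n, in_block) in sorted(find_scanners(sample_flows()).items()):
        print(f"{host}: {n} distinct targets on {SAV_PORT}/tcp, {in_block} in {SCANNED_NET}")
```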


