[unisog] Worm exploiting Symantec client defect?????

Tim Eden t.eden at unsw.edu.au
Mon Nov 27 22:36:45 GMT 2006

Hi Gary,

Yep, we had an outbreak of this yesterday. Around 150 or so machines on 
our campus started scanning the netblock on 2967/tcp. We put 
a block in place on our border stopping this traffic from entering or 
leaving the campus and now local administrators are in the process of 
cleaning up all of the infected machines. Some of them reported that the 
machines infected were fully patched with Windows updates and had the 
latest SAV definitions but NOT the latest SAV binary, so if possible roll 
out the latest update to the SAV binary ASAP.



Gary Flynn wrote:
> Anyone know anything more about what SANS
> is reporting on this?
> http://isc.sans.org//index.php


  Tim Eden 
  Senior Network Engineer
  University of New South Wales IT Services (UNSWITS)
  Office:  (02) 9385 8015
  Mobile:  0414 385 132
  Email:   t.eden at unsw.edu.au

