[unisog] Worm exploiting Symantec client defect?????
Karen A Swanberg
swanberg at tc.umn.edu
Mon Nov 27 23:33:24 GMT 2006
Yes. There is a bot spreading via the SAV vulnerability listed here:
The C&C is at www.flackware.info, and their DNS has changed at least three
This pops fully patched (OS-wise) 2000/XP boxes, unless the SAV port is
I have not done the work on this, others have. I suspect a more thorough
write up is on the way. Please don't ask me more, this is all I know.
on 11/27/06, at 5:22pm -0500, Gary Flynn wrote:
> Anyone know anything more about what SANS
> is reporting on this?
> Gary Flynn
> Security Engineer
> James Madison University
> unisog mailing list
> unisog at lists.dshield.org
Karen Swanberg University of Minnesota
Office of Information Technology
Security and Assurance (OITSec)
- swanberg :at: umn.edu | 612-625-8807 -
"I wanna live, I wanna experience the universe,
and I wanna eat pie." -Urgo
More information about the unisog