[unisog] More: Bot outbreak exploiting SYM06-010

Brian Eckman eckman at umn.edu
Tue Nov 28 19:40:14 GMT 2006

Symantec is calling it W32.Spybot.ACYR


FWIW, I did not observe exactly what they say, but it is still much more
accurate than most of their writeups. They generally don't give each
variant its own description - even this one was initially being detected
as "W32.Spybot.Worm".

Robert Lemos wrote an article about the outbreak - its at
http://www.securityfocus.com/news/11426/1 for those who are interested.


Liu, David wrote:
> Any idea on if the malware info has been m,ade public on the Symantrec
> site? 
> -----Original Message-----
> From: unisog-bounces at lists.dshield.org
> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Brian Eckman
> Sent: Monday, November 27, 2006 7:02 PM
> To: UNIversity Security Operations Group
> Subject: [unisog] More: Bot outbreak exploiting SYM06-010
> We had a number of hosts become infected with an IRC bot today that used
> www.flackware.info as the Command and Control. Here is information that
> I know so far:


Brian Eckman, Security Analyst
University of Minnesota
Office of Information Technology
Security & Assurance

More information about the unisog mailing list