Symantec has confirmed the existence of a new worm
called W32.Spybot.ACYR, which is attacking the education sector.
The worm takes advantage of several Microsoft vulnerabilities and
holes in Symantec's own security products.
The worm attempts to exploit a previously addressed
vulnerability in the Symantec Client Security and Symantec
Antivirus products.
Patches for the Symantec product vulnerability have been
available since May this year. As a result, customers who have
applied the patch are unaffected by the worm.
Symantec said, "At the present time we are seeing a spike in
traffic on Port 2967 with activity only in the .edu domain."
Symantec added, "To mitigate attacks, customers are advised to
update their products to the latest available security updates from
Symantec. For those who are unable to apply the appropriate
Symantec patch, it is recommended that they consider blocking Port
2967 at their firewall."
Comment on this article:
computer.weekly@rbi.co.uk