Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: New Botnet? SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Botnet?

We've received reports from .edu (Thanks!) of a massive new outbreak of bots exploiting the Symantec Client Security and Antivirus escalation of privilege vulnerability.  ("new" implying the outbreak, not the vulnerability :)

More details on the vulnerability here.

We have not seen the botnet here at the ISC, but if you are having experience with it, please write in via our "Contact Us" Button, and let us know!

Update #1:

Port traffic on the Symantec Client port (2967) has drastically increased in the past few days.




Joel

454 Posts
Nov 27th 2006

Sign Up for Free or Log In to start participating in the conversation!