Last Updated: 2006-11-27 19:17:54 UTC
by Joel Esler (Version: 3)
We've received reports from .edu (Thanks!) of a massive new outbreak of bots exploiting the Symantec Client Security and Antivirus escalation of privilege vulnerability. ("new" implying the outbreak, not the vulnerability :)
More details on the vulnerability here.
We have not seen the botnet here at the ISC, but if you are having experience with it, please write in via our "Contact Us" Button, and let us know!
Port traffic on the Symantec Client port (2967) has drastically increased in the past few days.
Last Updated: 2006-11-27 17:38:36 UTC
by Joel Esler (Version: 1)
Mostly non-us based as I have noticed, and ranging from topics old and new such as Stocks, Microsoft Updates, and the nearly-famous 'Nigerean' emails.
As always make sure your users are educated as to the presence of these emails. It's generally recomended to avoid html email totally.
Good luck, and welcome back to work .us people!