
Symantec: Another Surge In Worm Scanning For Unpatched Antivirus Software

Symantec said Friday that it had detected another surge in scans for a port associated with a worm that's been sniffing for vulnerable software made by the security company and warned users to patch immediately in case the malicious code morphs into something more dangerous.

Sensors monitored by Symantec's DeepSight threat management service have reported a significant spike in traffic related to TCP port 2967, which Symantec has traced to scans generated by the "Sagevo" worm, recently released malware looking for systems running some of the company's enterprise antivirus software.

Flaws in both Symantec AntiVirus and Symantec Client Security were revealed in May and patched that same month. Sagevo, however, looks for unpatched machines, then tries to gain control of them.

Symantec reported that the number of sensors detecting scans of port 2967 was up from an uptick earlier in the week. "This is the most significant spike observed to date since the discovery of malicious code targeting the associated service," Symantec said in an alert to DeepSight subscribers.

"These scans are arriving in waves," says Vincent Weafer, senior director with Symantec's security response team. "When [the worm] is on an infected machine, it creates 512 threads on the box, and scans sequentially from the bottom up. [Meanwhile] any infected machines below that [IP address] also scan at the same time."
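For defenders reviewing their own perimeter logs, the scanning pattern described above (one source walking upward through addresses on TCP port 2967) can be flagged with a short script. This is an added example, not code from the article or from Symantec; the log format, thresholds, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

SAV_PORT = 2967        # TCP port named in the article
MIN_TARGETS = 5        # assumed threshold: distinct hosts probed by one source
MIN_ASCENDING = 0.8    # assumed: share of probes that step upward in address space

# Assumed log format (constructed, not tied to any firewall product).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def find_sequential_scanners(lines, port=SAV_PORT):
    """Return {source_ip: distinct_target_count} for sources sweeping `port` upward."""
    probes = defaultdict(list)    # src -> destination addresses in arrival order
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue              # unparsable line or unrelated port
        try:
            probes[m["src"]].append(int(ipaddress.IPv4Address(m["dst"])))
        except ValueError:
            continue              # malformed destination address
    scanners = {}
    for src, dsts in probes.items():
        distinct = len(set(dsts))
        if distinct < MIN_TARGETS:
            continue              # a client talking to one or two servers is normal
        steps = list(zip(dsts, dsts[1:]))
        ascending = sum(b > a for a, b in steps) / len(steps)
        if ascending >= MIN_ASCENDING:
            scanners[src] = distinct
    return scanners

# Constructed sample: one source walking 192.0.2.10-17 upward, one client
# repeatedly contacting a single server on 2967, and unrelated port-443 traffic.
SAMPLE_LOG = (
    [f"2000-01-01T00:00:{i:02d}Z DENY TCP 198.51.100.7:{40000 + i} -> 192.0.2.{10 + i}:2967"
     for i in range(8)]
    + [f"2000-01-01T00:01:{i:02d}Z ALLOW TCP 203.0.113.20:{50000 + i} -> 192.0.2.5:2967"
       for i in range(6)]
    + ["2000-01-01T00:02:00Z ALLOW TCP 203.0.113.21:51000 -> 192.0.2.9:443"]
)

if __name__ == "__main__":
    for src, count in find_sequential_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {count} distinct hosts on TCP {SAV_PORT} in ascending order")
```

The thresholds should be tuned against a baseline of normal traffic to the antivirus management service before alerting on the output.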
