Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Symantec Warns Of Bot Sniffing For Veritas Vulnerability

A bot is aggressively sniffing for systems equipped with unpatched Veritas software, Symantec warned Wednesday. It urged users to update the backup program, or failing that, take other safety measures.

A surge in scans of TCP port 6101, which is associated with Veritas Backup Exec, was first detected by Symantec's DeepSight network earlier this week. By Wednesday, the Cupertino, Calif. security company had finished its analysis.

"The bot appears to contain propagation functionality that targets numerous [Windows] exploits including LSASS, Workstation, DOCM, ASN1, network share access, and SQL injection," Symantec said in an alert to DeepSight customers. "It is likely that the bot, upon compromising a system using any of these mechanisms, will join the [IRC] channel and begin scanning over TCP port 6101 [for additional systems]."

Most bots, including the one uncovered by Symantec, use IRC (Internet Relay Chat) to send data to and receive instructions from their human controller, or "bot herder."

"[We] strongly encourage administrators to ensure that all systems running Microsoft Windows have been securely locked down…if possible, network shares should be disabled and the latest patches should be deployed," the alert continued. "Those running Veritas software should ensure that the latest versions have been installed to prevent the exploitation of this issue."

  • 1