Feeds

Bot spreads through anti-virus, Windows flaws

Universities and schools worst hit

Choosing a cloud hosting partner with confidence

The Internet Storm Centre's assessment agreed that the bot software appears to only be spreading at a moderate pace and only among universities and colleges, with a few exceptions.

"The spam and the scanning seems to be widespread, while the reports of infection have come from edu's (educational institutions) and a few home users," Mike Poor, an incident handler at the Internet Storm Centre and a security analyst with Intelguardians, said in an email interview with SecurityFocus.

The slow infection speed surprised Scott Fendley, a security analyst with the University of Arkansas and an incident handler with the ISC. While Fendley estimated that thousands of the school's computers were vulnerable to the Symantec flaw, only about 30 systems were actually infected.

"We are currently attempting to understand why this did not propagate faster or infect other hosts on campus," he told SecurityFocus in an email interview.

The software does not appear to explicitly be targeting educational institutions, according to Symantec's Weafer (see correction). However, because schools have less strict policies regarding upgrading critical software, students and academic faculty may be the most vulnerable, Fendley said.

"As university environments are very decentralised, group policies and other mechanisms used to keep software up-to-date and well managed, may or may not exist," he said. "So one department may have completed the upgrades, when the office next door is still using a much older version."

Bots created with the the SpyBot software connect to Internet Relay Chat and await commands. The software attempts to detect if it's been quarantined in a honey pot by looking for the signs of a virtual machine and debugger software. The program uses the File Transfer Protocol to copy software onto compromised hosts.

Symantec recommended that users of its Client Security and Antivirus Corporate Edition update to the latest version of the software.

CORRECTION: The article attributed the assertion that the bot program was not explicitly targeting educational institutions to the wrong person. Vincent Weafer of Symantec stated that the attack did not seem to be targeted.

This article originally appeared in Security Focus.

Copyright © 2006, SecurityFocus

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
Encryption would lead us all into a 'dark place', claim G-Men
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.