Symantec issues signature for new worm variant
- 02 March, 2007 11:56
- Comments
Security experts are urging users of Symantec antivirus software to update it to combat a new variant of the worm known as either Rinbot or Delbot, depending on what naming convention is used.
The worm exploits a vulnerability in Symantec software and seeks to set up botnets from which denial-of-service attacks can be launched. It propagates by creating e-mails with the worm program attached or by attaching the program to outgoing e-mail, says Ron O'Brien, a senior security analyst at Sophos .
Symantec has the worm listed as one of two latest threats today, and has issued a Daily LiveUpdate that protects against what the company calls W32.Rinbot.L. Sophos calls the worm W32/Delbot-L.
The worm takes advantage of weak passwords to install on machines including Microsoft SQL servers using Windows network APIs, such as the Messaging API, says O'Brien. The worm creates registry changes in machines it infects that must be removed. Symantec classifies removal as easy.
The worm was detected at work against servers in CNN's network Wednesday, according to O'Brien.
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
-
Customer service still dogs Telstra
-
Customer service still dogs Telstra
-
Foxtel subscriber base grows
-
Obama's H-1B answer in forum may haunt him
-
NBN a pie in the sky: Morgan
-
Windows 7 for Dummies® Dvd+book Bundle
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Microsoft Office
-
Office 2007 All-In-One Desk Reference for Dummies
-
Office 2007 for Dummies
-
MYOB Software for Dummies 6E Australian Edition
-
Windows 7 for Seniors for Dummies®
-
Teach Yourself Visually Windows 7
-
Computers for Seniors for Dummies, 2nd Edition
Comments
Post new comment