Stock-related Spam Ever on the Rise

Symantec has detected a worm that was scanning a port and looking for vulnerable software of the security company. It warns users to deploy immediate patches in case the malware gets hold of something more harmful.

In December 2006, a worm called Big Yellow was in the wild that attacked business systems that did not have patches for flaws in Symantec's two business security solutions, according to a warning issued by eEye Digital Security. These solutions were Symantec anti-virus and Symantec Client Security whose flaws came to light first in May 2006. The patches for the vulnerabilities appeared in June 2006.

Symantec reported that it activated the sensors to detect the scans of port 2097 this week. In an alert to subscribers of DeepSight, Symantec's service for threat management, the company said this was the most significant observation since the malicious code started targeting the associated service.

Vincent Weafer, senior director of Symantec's security response team said that the scans were coming in waves. When the worm resides on an infected machine, it spins 512 threads on the system, and scans from the bottom up. Meanwhile, any affected machine also scans below the IP address simultaneously.

Weafer says in the most recent wave of scans the number of machines attacked and infected was only 70. Symantec noted that it is not only unusual that the worm is spreading slowly, but it could even change at any point in time.

However, DeepSight system warned that the worm could modify itself with the minimum effort so that the IP address of the attacking computer could replace that of the targeted PC. This would then enhance the propagation ability of the worm. Such modification capability should convince administrators to patch the flaw if not already done.

According to experts these attacks are significantly challenging because although they begin in limited numbers but fly effectively way past the attack-detection area. They also believe that if Big Yellow worm shows up in future, hackers will not need fresh vulnerabilities to launch exploits. For this worm exploits a software flaw of Symantec that the company patched six months ago.

Related article: Stock Spamming On the Rise

» SPAMfighter News - 1/5/2007