'

Worm spreads through Symantec AV hole

A worm which scans for various Windows and Symantec AV vulnerabilities spread with though a limited number of Universities in the US and Australia.  Although these vulnerabilities were patched by Microsoft and Symantec, the worm probed for vulnerability on port 2967 looking for a Symantec anti-virus client vulnerability found in May of 2006.

A worm which scans for various Windows and Symantec AV vulnerabilities spread with though a limited number of Universities in the US and Australia.  Although these vulnerabilities were patched by Microsoft and Symantec, the worm probed for vulnerability on port 2967 looking for a Symantec anti-virus client vulnerability found in May of 2006.  The irony here is that the software that is suppose to protect the computer it's running on actually opened it up for an attack it wouldn't have otherwise had without the AV software.  This isn't the first time a worm has taken advantage of software designed to protect its host, the Witty worm in March of 2004 ravaged Desktop computers running security gateway software from ISS with lightning speed using an undocumented exploit.

I pointed out back in May that running antivirus on the desktop computer is like having the bomb squad inspect a suspicious package inside your house.  Couple this with the fact that desktop AV software slows your PC to a crawl and it makes us wonder if it's all worth it or if there are better alternatives like gateway AV scanning devices and best practice procedures for desktop lockdown.