Hackers Keep Sniffing For Buggy Veritas Backup Software

Attackers are scanning for system running the vulnerable Veritas Backup Exec software, Symantec says.

InformationWeek Staff, Contributor

August 11, 2005

1 Min Read
InformationWeek logo in a gray background | InformationWeek

Attackers are scanning for system running the vulnerable Veritas Backup Exec software, Symantec warned customers of its DeepSight Threat Management system Thursday.

In late June, Veritas released a slew of security advisories warning customers that its backup software was vulnerable to attack. Shortly after, Symantec noted a spike in scanning for one of the ports used by Backup Exec.

Thursday's alert was a repeat of sorts, although the port being probed is different -- TCP port 6101 -- and is likely caused by a different piece of malicious code.

"The scanning may be associated with a recent rise in infection rates attributed to a variant of Spybot observed by Symantec DeepSight Honeypots," read the alert. " Spybot includes an code targeting vulnerabilities in Veritas Backup Exec in its arsenal of exploits."

Among the evidence Symantec used to back up the alert was a steep rise in the number of IP addresses from which the port probes originated.

Administrators should patch Backup Exec "as soon as possible," advised Symantec, and filtering incoming data for port 6101.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights