Veritas Software Under Attack - InformationWeek

6/29/2005
02:22 PM

Veritas Software Under Attack

One of the seven vulnerabilities recently found in various Veritas backup components is under attack, says security vendor Symantec.

One of the seven vulnerabilities recently found in various Veritas backup components is under attack, said security vendor Symantec Wednesday. The company -- which recently finalized a merger with Veritas -- recommended that users patch post haste.

The multiple vulnerabilities in Veritas' Backup Exec first went public last week, when the Mountain View, Calif.-based storage software company released a slew of security advisories that outlined problems ranging from possible denial-of-service (DoS) attacks to remote execution of code. Veritas ranked five of the seven as "High" impact, its most dire threat level, while two were rated as "Low."

Within two days of the vulnerabilities going public -- the researchers who discovered the vulnerabilities held the news until patches were produced by Veritas -- Symantec warned that an exploit had been released for one of the most dangerous bugs.

That vulnerability, a buffer overflow flaw in Backup Exec's Remote Agent, could be exploited, Symantec said, by hackers passing an extra-long password to the Agent, the software that listens on TCP port 10000 and accepts connections from the backup server when a backup is scheduled.

One day later, Symantec began monitoring a sudden increase in scanning for port 10000. SANS' Internet Storm Center detected the same spike in port scanning. "Scans for port 10000/tcp have been increasing ever since the release of the Veritas Backup Exec exploit," the center warned in an online briefing Monday.

According to Symantec's DeepSight Threat Network, the Cupertino, Calif.-based security giant's global network of sensors, the number of distinct IP addresses found scanning for port 10000 jumped from essentially zero on Sunday, June 26, to almost 8,000 by the end of the next day.
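A defender-side version of that measurement, as an added example that is not part of the original article: since the Agent on TCP port 10000 should only be contacted by the backup server, the script counts distinct other sources probing that port per day and flags a sudden jump. The log format, the `BACKUP_SERVERS` allowlist, the thresholds and every address are constructed assumptions.

```python
import re
from collections import defaultdict

AGENT_PORT = 10000                 # Remote Agent port named in the article
BACKUP_SERVERS = {"10.0.5.20"}     # hypothetical allowlist of real backup servers

# Constructed sample firewall log (format and addresses are assumptions).
SAMPLE_LOG = """\
2005-06-26 02:00:01 ACCEPT TCP 10.0.5.20:41022 -> 10.0.9.15:10000
2005-06-26 14:31:09 DROP TCP 203.0.113.9:2201 -> 10.0.9.15:10000
2005-06-27 02:00:02 ACCEPT TCP 10.0.5.20:41150 -> 10.0.9.15:10000
2005-06-27 03:12:44 DROP TCP 198.51.100.7:3312 -> 10.0.9.15:10000
2005-06-27 03:12:51 DROP TCP 198.51.100.7:3313 -> 10.0.9.16:10000
2005-06-27 05:40:10 DROP TCP 192.0.2.44:1045 -> 10.0.9.15:10000
2005-06-27 09:02:33 DROP TCP 203.0.113.80:4410 -> 10.0.9.15:10000
2005-06-27 09:05:00 DROP TCP 192.0.2.101:1999 -> 10.0.9.15:445
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \S+ \w+ TCP ([\d.]+):\d+ -> [\d.]+:(\d+)$")

def unexpected_sources_by_day(log_text, port=AGENT_PORT, allowed=BACKUP_SERVERS):
    """Map each day to the sorted distinct sources that hit `port` but are
    not known backup servers."""
    per_day = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip lines in other formats
        day, src, dport = m.groups()
        if int(dport) == port and src not in allowed:
            per_day[day].add(src)   # a set, so repeat probes count once
    return {day: sorted(srcs) for day, srcs in sorted(per_day.items())}

def spike_days(per_day, factor=3, floor=3):
    """Flag days with at least `floor` distinct sources and at least
    `factor` times the previous logged day's count."""
    flagged, prev = [], 0
    for day in sorted(per_day):
        n = len(per_day[day])
        if n >= floor and n >= factor * max(prev, 1):
            flagged.append(day)
        prev = n
    return flagged

if __name__ == "__main__":
    report = unexpected_sources_by_day(SAMPLE_LOG)
    for day, sources in report.items():
        print(day, len(sources), sources)
    print("spike:", spike_days(report))
```

Any source that appears in the output at all is worth a look, because a correctly filtered Remote Agent should see no traffic on this port from hosts other than the backup server.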

"The increase is likely indicative of a bot network performing a consistent and controlled propagation to vulnerable hosts on the Internet," said Symantec in a DeepSight alert sent to customers.

Although the actual exploit had yet to be captured, Symantec was sure the vigorous port scanning was a sign of it being used on a wide scale, and again recommended that Veritas users patch as soon as possible.

As is typical, the bot author used several techniques to hide the code from analysts, and to make it difficult to predict which port may be used by the exploit to communicate back to its creator for additional instructions and/or software.

A "honeypot" system that Symantec set up, however, grabbed a sample of the exploit on Thursday when an analyst was able to simulate a partial infection on a PC and trick the attacker into sending the rest of the code.

"This is indeed the result of a malicious IRC-based bot program, known as W32.Toxbot," Symantec researchers said in the report issued Thursday. Toxbot, which was first discovered in March, can also use various Microsoft vulnerabilities, including those in SQL Server, DCOM, and LSASS, the trio that spawned Slammer, MSBlast, and Sasser, respectively.

"The DeepSight team strongly encourages network and system administrators to take immediate action to patch or mitigate the threat in the vulnerability," the report continued.

But what with the aggressive spread of Toxbot, it may be too late for some.

"Machines that have been left unprotected following the original release [of the security bulletin] may have already been compromised or exposed to attack," Symantec's researchers warned.
