Symantec: More Patched Systems, Fewer Potential Victims

Symantec on Monday said that while worm-scanning activity against its corporate antivirus software had increased over the weekend, the number of infected systems had dropped. According to the security company's own DeepSight sensor network, scanning activity on TCP port 2967 is up. That scanning, said Symantec, is thought to originate with what it calls the "Sagevo" worm, also known as "Big Yellow."

"We're seeing a decrease in the number of unique IP addresses," says Vincent Weafer, senior director with Symantec's security response team. "But we're seeing more scanning activity. That actually makes sense, because as there are fewer unpatched systems, the remaining [infected systems] send out even more scans looking for a target. It eventually reaches a saturation [point]." The number of IP addresses associated with port 2967 scanning has fallen off 80% since late last week, Weafer said.

View: The full story
News source: CRN

Report a problem with article
Previous Story

Samsung's Plan for Terabit Flash Memory

Next Story

PowerColor to launch passively cooled X1950 Pro and XT cards

6 Comments

Commenting is disabled on this article.

Hahaha. This is the funniest thing I've read in a while. No **** Symantec... of course the number of infected systems have gone down with your product... I mean, what exactly can your product detect now days?

Quote - Croquant said @ #1.1
You can only hope. :cool:

You must be confusing the consumer based product with the corporate one.

Haha, I was thinking the same thing.

You must be confusing the consumer based product with the corporate one.

I'm afraid it's just as bad, may not have the stupid flashy things like the consumer one, but it's still a very lousy product, late virus detection at it's finest!