Hackers Keep Sniffing For Buggy Veritas Backup Software

In late June, Veritas released a slew of security advisories warning customers that its backup software was vulnerable to attack. Shortly after, Symantec noted a spike in scanning for one of the ports used by Backup Exec.

Thursday's alert was a repeat of sorts, although the port being probed is different -- TCP port 6101 -- and is likely caused by a different piece of malicious code.

"The scanning may be associated with a recent rise in infection rates attributed to a variant of Spybot observed by Symantec DeepSight Honeypots," read the alert. " Spybot includes an code targeting vulnerabilities in Veritas Backup Exec in its arsenal of exploits."

Among the evidence Symantec used to back up the alert was a steep rise in the number of IP addresses from which the port probes originated.

id
unit-1659132512259
type
Sponsored post

Administrators should patch Backup Exec "as soon as possible," advised Symantec, and filtering incoming data for port 6101.