Symantec flaw figures in botnet hit

Nov 28, 2006

Botnet attack on college and university networks uses Symantec AV flaw.

College and university networks around the world are being attacked by a fast-moving malicious program that exploits a known hole in Symantec’s corporate antivirus program, according to reports by Symantec and the Internet Storm Center.

Symantec says a new worm called W32.Spybot.ACYR spreads by taking advantage of a number of patched Microsoft vulnerabilities and a previously disclosed hole in Symantec’s Client Security and Antivirus software. Symantec patched that hole back in May, but apparently some of its customers haven’t applied that patch yet.

The botnet is hitting college and university networks primarily, with published reports citing infections as far away as Australia, and reports of infections at major universities in Arkansas, Texas, California and Minnesota in the U.S.

The program spreads using a built-in FTP server dubbed “reptile” and establishes a connection to an IRC command and control server once it has compromised a computer.

Symantec advised its customers to update their products to the latest available security updates and other software patches, and to consider blocking Port 2967 at their firewall.