Hackers Keep Sniffing For Buggy Veritas Backup Software

In late June, Veritas released a slew of security advisories warning customers that its backup software was vulnerable to attack. Shortly after, Symantec noted a spike in scanning for one of the ports used by Backup Exec.

Thursday's alert was a repeat of sorts, although the port being probed is different -- TCP port 6101 -- and is likely caused by a different piece of malicious code.

"The scanning may be associated with a recent rise in infection rates attributed to a variant of Spybot observed by Symantec DeepSight Honeypots," read the alert. " Spybot includes an code targeting vulnerabilities in Veritas Backup Exec in its arsenal of exploits."

Among the evidence Symantec used to back up the alert was a steep rise in the number of IP addresses from which the port probes originated.

Administrators should patch Backup Exec "as soon as possible," advised Symantec, and filtering incoming data for port 6101.