Symantec said Friday that it had detected another surge in scans for a port associated with a worm that’s been sniffing for vulnerable software made by the Cupertino, Calif., security company, and warned users to patch immediately in case the malicious code morphs into something more dangerous.
Sensors monitored by Symantec’s DeepSight threat management service have reported a significant spike in traffic related to TCP port 2967, which Symantec has traced to scans generated by the “Sagevo” worm, recently-released malware looking for systems running some of the company’s enterprise anti-virus software.

Story at