Security Bytes

May 9 2007   3:14PM GMT

Major spike in activity on TCP 5168, SANS says



Posted by: David Schneier
Tags:
Information Security Threats

The SANS Internet Storm Center is reporting a spike in activity on TCP port 5168 over the last few days, perhaps attributable to attackers looking to exploit a couple of vulnerabilities in Trend Micro’s ServerProtect. The ISC came across the activity on port 5168 through a report from a user whose network had been compromised. The handlers checked the information the user sent in and found that the problem stemmed from a ServU Trojan that was cloaking itself as a Java Virtual Machine. Further inspection showed that the same attacker was trying to connect to a different machine on the same network over TCP 5168.

The amount of activity that the ISC has seen on that port has nearly quadrupled in the last three days, a pretty good indication that things are going awry somewhere.
