Security Bytes

May 9 2007   3:14PM GMT

Major spike in activity on TCP 5168, SANS says

David Schneier

The SANS Internet Storm Center is reporting that there has been a spike in activity on TCP port 5168 over the last few days, perhaps attributable to attackers looking to exploit a couple of vulnerabilities in Trend Micro’s ServerProtect. The ISC came across the activity on port 5168 through a report from a user whose network had been compromised. The handlers checked out the information the user sent in and discovered that the problem stemmed from the presence of a ServU Trojan that was cloaking itself as a Java Virtual Machine. But a little more inspection showed that the same attacker was trying to connect to a different machine on the same network over TCP 5168.

The amount of activity that the ISC has seen on that port has nearly quadrupled in the last three days, a pretty good indication that things are going awry somewhere.
