Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 53 Back on the Radar

Published: 2005-12-11
Last Updated: 2005-12-11 20:44:44 UTC
by Tony Carothers (Version: 1)
0 comment(s)
Handler Patrick N. pointed out that port 53 has made a comeback as of late, with the release of W32.Spybot.ABDO.  Symantec's write-up points out that Spybot.ABDO "Opens a back door by connecting to an IRC server on the following domain through TCP port 53".  Looking at the Port 53 Report using DShield data, the amount of targets has more than doubled in the past ~48 hours.
 
Something to keep in mind is that this time there may be several unscrupulous activities using 53.  Other malware that has been discovered in recent months, using Port 53, include Backdoor.Civcat, Trojan.Esteems.C, Trojan.Esteems, and W32.Beagle.BH@mm. 

Any thoughts welcome.....

Keywords:
0 comment(s)
Diary Archives