Major spike in activity on TCP 5168, SANS says

The SANS Internet Storm Center is reporting that there has been a spike in activity on TCP port 5168 over the last few days, perhaps attributable to attackers looking to exploit a couple of vulnerabilities in Trend Micro’s ServerProtect. The ISC came across the activity on port 5168 through a report from a user whose network had been compromised. The handlers checked out the information the user sent in and discovered that the problem stemmed from the presence of a Serv-U Trojan that was cloaking itself as a Java Virtual Machine. But a little more inspection showed that the same attacker was trying to connect to a different machine on the same network over TCP 5168.

The amount of activity that the ISC has seen on that port has nearly quadrupled in the last three days, a pretty good indication that things are going awry somewhere.
