Port 20168, Windows Update Virus

Discussion in 'malware problems & news' started by AplusWebMaster, Dec 11, 2003.

Thread Status:
Not open for further replies.
  1. AplusWebMaster

    AplusWebMaster Registered Member

    Jun 14, 2003
    Philadelphia, PA, USA
    :( FYI...from the Internet Storm Center:
    - Port 20168 Traffic
    Given a recent discussion on our Intrusions list, spikes in traffic to this port can be attributed to a worm which uses this port for tftp file transfers of the worm code. If you see excessive traffic on this port, you may have an infected system on your network.
    - Windows Update Virus
    We received several reports about a new version of a Windows update virus. Like previous similar viruses, this one claims to come from Microsoft and includes a zip file users are asked to execute. In particular as many filters do not strip zip files, you may remind users that Microsoft will never distribute patches via e-mail.
    - Internet Explorer URL obfuscation
    A somewhat more advanced version of URL obfuscation in Internet Explorer is actively used in 'phishing' e-mails..."

Thread Status:
Not open for further replies.