Port 20168, Windows Update Virus

Discussion in 'malware problems & news' started by AplusWebMaster, Dec 11, 2003.

Thread Status:
Not open for further replies.
  1. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    :( FYI...from the Internet Storm Center:
    http://isc.sans.org/diary.html?date=2003-12-11
    "...
    - Port 20168 Traffic
    Given a recent discussion on our Intrusions list, spikes in traffic to this port can be attributed to a worm which uses this port for tftp file transfers of the worm code. If you see excessive traffic on this port, you may have an infected system on your network.
    - Windows Update Virus
    We received several reports about a new version of a Windows update virus. Like previous similar viruses, this one claims to come from Microsoft and includes a zip file users are asked to execute. In particular as many filters do not strip zip files, you may remind users that Microsoft will never distribute patches via e-mail.
    - Internet Explorer URL obfuscation
    A somewhat more advanced version of URL obfuscation in Internet Explorer is actively used in 'phishing' e-mails..."

    -
     
    AplusWebMaster, Dec 11, 2003
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...