Mysterious hackers are targeting PCs with vulnerable 6112 ports, security authority the Sans Institute said this week.
The number of scans destined for port 6112 (dtspc) have increased fivefold since 21 January and Sans believes that this is because exploits exist for vulnerabilities on this port and systems are being compromised and backdoored. vnunet.com reported that this port was being actively exploited last week.
"The rootkits that have been discovered varied in style and naming, which usually indicates that they were installed by different parties," said a Sans spokesman. But he added that "worm like activity has not yet been seen in the wild".
However, the combination of details is enough to "cause concern", the spokesman said. Recommendations for reducing the risk from such vulnerabilities are available from the Computer Emergency Response Team, here, and the Honeynet Project has also provided information.
In a second announcement, Sans warned of an increase in port scans on TCP port 12345 in recent days. Historically, this port has been associated with the infamous NetBus Trojan horse, but Sans pointed out that Trend Micro's OfficeScan antivirus product also listens on port 12345.
Aside from the fact that hackers could be searching for NetBus infected machines, it is also possible that known vulnerabilities in the OfficeScan software are also on the menu.
According to Sans, OfficeScan can be tricked into not scanning certain files for viruses and accepting potentially malicious code. However, Trend Micro said that a patch is available from its website to plug the hole.
Although antivirus vendors have had signatures available for NetBus for two years now, it is still not clear whether the increased scans on 12345 suggest that hackers are looking for infected machines, looking to exploit vulnerable versions of OfficeScan, or something more sinister altogether.
Yeah, sorry about all that, simpers Zuckerberg
Vivaldi promotes DuckDuckGo search engine over Google over privacy concerns
Scientists say that strontium titanate could transform electronics
The wheels of justice grind surprisingly slowly