Mysterious hackers are targeting PCs with vulnerable 6112 ports, security authority the Sans Institute said this week.
The number of scans destined for port 6112 (dtspc) have increased fivefold since 21 January and Sans believes that this is because exploits exist for vulnerabilities on this port and systems are being compromised and backdoored. vnunet.com reported that this port was being actively exploited last week.
"The rootkits that have been discovered varied in style and naming, which usually indicates that they were installed by different parties," said a Sans spokesman. But he added that "worm like activity has not yet been seen in the wild".
However, the combination of details is enough to "cause concern", the spokesman said. Recommendations for reducing the risk from such vulnerabilities are available from the Computer Emergency Response Team, here, and the Honeynet Project has also provided information.
In a second announcement, Sans warned of an increase in port scans on TCP port 12345 in recent days. Historically, this port has been associated with the infamous NetBus Trojan horse, but Sans pointed out that Trend Micro's OfficeScan antivirus product also listens on port 12345.
Aside from the fact that hackers could be searching for NetBus infected machines, it is also possible that known vulnerabilities in the OfficeScan software are also on the menu.
According to Sans, OfficeScan can be tricked into not scanning certain files for viruses and accepting potentially malicious code. However, Trend Micro said that a patch is available from its website to plug the hole.
Although antivirus vendors have had signatures available for NetBus for two years now, it is still not clear whether the increased scans on 12345 suggest that hackers are looking for infected machines, looking to exploit vulnerable versions of OfficeScan, or something more sinister altogether.
Double legal trouble for Musk as he also faces civil lawsuit over renewed British pot-holer 'paedo' claims
Battery development could help boost performance of smartphones
Topological photonic chips promise a more robust option for scalable quantum computers
In quantum physics both the chicken and the egg can come first, claim University of Queensland researchers
Cause-and-effect is not always straightforward in quantum physics