Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Port 53 Back on the Radar - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 53 Back on the Radar
Handler Patrick N. pointed out that port 53 has made a comeback as of late, with the release of W32.Spybot.ABDO.  Symantec's write-up points out that Spybot.ABDO "Opens a back door by connecting to an IRC server on the following domain through TCP port 53".  Looking at the Port 53 Report using DShield data, the amount of targets has more than doubled in the past ~48 hours.
 
Something to keep in mind is that this time there may be several unscrupulous activities using 53.  Other malware that has been discovered in recent months, using Port 53, include Backdoor.Civcat, Trojan.Esteems.C, Trojan.Esteems, and W32.Beagle.BH@mm. 

Any thoughts welcome.....

Tony

150 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!