Handler Patrick N. pointed out that port 53 has made a comeback as of late, with the release of W32.Spybot.ABDO. Symantec's write-up points out that Spybot.ABDO "Opens a back door by connecting to an IRC server on the following domain through TCP port 53". Looking at the Port 53 Report using DShield data, the amount of targets has more than doubled in the past ~48 hours.
Something to keep in mind is that this time there may be several unscrupulous activities using 53. Other malware that has been discovered in recent months, using Port 53, include Backdoor.Civcat, Trojan.Esteems.C, Trojan.Esteems, and W32.Beagle.BH@mm.
Any thoughts welcome.....
Dec 11th 2005
1 decade ago