Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Port 53 Back on the Radar SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 53 Back on the Radar
Handler Patrick N. pointed out that port 53 has made a comeback as of late, with the release of W32.Spybot.ABDO.  Symantec's write-up points out that Spybot.ABDO "Opens a back door by connecting to an IRC server on the following domain through TCP port 53".  Looking at the Port 53 Report using DShield data, the amount of targets has more than doubled in the past ~48 hours.
Something to keep in mind is that this time there may be several unscrupulous activities using 53.  Other malware that has been discovered in recent months, using Port 53, include Backdoor.Civcat, Trojan.Esteems.C, Trojan.Esteems, and W32.Beagle.BH@mm. 

Any thoughts welcome.....


150 Posts
ISC Handler
Dec 11th 2005

Sign Up for Free or Log In to start participating in the conversation!