
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-05-06



Significant increase on 38566

Published: 2006-05-06
Last Updated: 2006-05-06 20:18:50 UTC
by Tony Carothers (Version: 1)

On this quiet Handler day I received an email from a reader questioning recent activity on port 38566. According to TrendMicro, this port is used by BKDR_TRODOR.A, a password-stealing backdoor. The strange thing about this, compared to others we see, is the number of sources versus the number of targets. If anybody could submit some packet captures, we'd love to take a look.
