In association with heise online

24 August 2007, 08:30

Worm attacks Trend Micro ServerProtect

Numerous sensors are currently registering activities that indicate an ongoing attack against Trend Micro ServerProtect. For example, SANS Internet Storm Center is reporting an increase in scanning activity on TCP port 5168, on which the management service listens. The Nepenthes team's honeypots have uncovered an exploit that connects back to a server on port 10000 to receive shell commands that download and execute an IRC bot.

More detailed analyses are still being conducted, but the initial fears that the worm was targeting vulnerabilities in Trend Micro products that were announced a few days ago appear to be unfounded. Instead, according to Internet Storm Center, indications are that the ServerProtect exploit targets an older vulnerability for which Trend issued patches back in February. Administrators should strictly limit access to the ServerProtect service on port 5168/TCP and the ServerProtect Agent service on port 3268/TCP, and install the available patches as soon as possible.
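Administrators can check flow or firewall logs for the pattern described above: contact on 5168/TCP or 3268/TCP from an unapproved source, followed by the contacted host opening a connection to port 10000. The following Python is an added example, not part of the original article; the log format, the approved management host and the five-minute correlation window are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

MGMT_PORTS = {5168, 3268}        # ServerProtect service / Agent service (from the article)
CALLBACK_PORT = 10000            # connect-back port reported by the honeypots
WINDOW = timedelta(minutes=5)    # assumed correlation window
ALLOWED_SOURCES = {"10.0.0.20"}  # hypothetical approved management console

# Constructed sample records (assumed format): time src sport dst dport proto
SAMPLE_LOG = """\
2007-08-24T07:58:01 203.0.113.7 40112 10.0.0.5 5168 tcp
2007-08-24T07:58:03 10.0.0.5 1045 203.0.113.7 10000 tcp
2007-08-24T08:01:10 10.0.0.20 51000 10.0.0.6 5168 tcp
2007-08-24T08:02:00 198.51.100.9 40200 10.0.0.8 3268 tcp
2007-08-24T08:05:00 10.0.0.9 1060 192.0.2.44 10000 tcp
2007-08-24T08:30:00 10.0.0.8 1050 192.0.2.44 10000 tcp
"""

def parse(log):
    """Yield (time, src, dst, dport) for each well-formed TCP record."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[5] != "tcp":
            continue  # skip malformed or non-TCP records
        try:
            yield (datetime.fromisoformat(parts[0]), parts[1], parts[3], int(parts[4]))
        except ValueError:
            continue  # bad timestamp or port number

def analyse(log, allowed=ALLOWED_SOURCES):
    """Return (probed, suspected) sets of host addresses.

    probed:    hosts contacted on a ServerProtect port by an unapproved source
    suspected: probed hosts that then connected out to port 10000 within WINDOW
    """
    last_probe = {}  # host -> time of its most recent unapproved contact
    probed, suspected = set(), set()
    for ts, src, dst, dport in sorted(parse(log)):
        if dport in MGMT_PORTS and src not in allowed:
            last_probe[dst] = ts
            probed.add(dst)
        elif dport == CALLBACK_PORT and src in last_probe:
            if ts - last_probe[src] <= WINDOW:
                suspected.add(src)
    return probed, suspected

if __name__ == "__main__":
    probed, suspected = analyse(SAMPLE_LOG)
    print("access rule gaps:", sorted(probed))
    print("patch and investigate first:", sorted(suspected))
```

Any host in the first set shows that the access restriction on the ServerProtect ports is not yet in effect; hosts in the second set are the priority for patching and investigation.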
