Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Hackers Hit Trend Micros ServerProtect



 By: Brian Prince
2007-08-23
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Security researchers warn of increased activity over TCP port 5168 associated with ServerProtect.

Hackers have set their sights on security vendor Trend Micros ServerProtect.

Several security researchers have noted a massive increase of activity over TCP port 5168 connected with ServerProtect, an anti-virus software product for servers that had a number of vulnerabilities publicly disclosed earlier the week of Aug. 20. All of the vulnerabilities, which could lead to remote code execution, have been patched and the security fixes are available to customers.

"Various people are abuzz trying to figure out what malware is behind this," Jose Nazario, senior security researcher at Arbor Networks, in Lexington, Mass., wrote on a company blog. "At present it seems to be a botnet causing all of the havoc."

Resource Library:
Officials at Symantec, in Cupertino, Calif., said in an alert Aug. 23 that they have observed active exploitation of a Trend Micro ServerProtect vulnerability affecting the ServerProtect service on a DeepSight honey pot and are checking to see what vulnerability had been targeted.

The company advised administrators to block TCP port 5168 at the network boundary or deploy strict IP-based access control lists to hamper hacking attempts.

Meanwhile, the SANS Institutes ISC (Internet Storm Center), based in Bethesda, Md., reported that the ServerProtect exploit is against an older, patched vulnerability from February. If exploited successfully, a hacker could trigger a stack overflow and execute arbitrary code.

Click here to read more about the security flaws Trend Micro fixed in ServerProtect and other products.

Mike Haro, a spokesperson for Trend Micro, also based in Cupertino, said the company has not received word from its users about any successful exploits, but urged customers to update the product.

"It is imperative that ServerProtect customers patch as quickly as possible," he said

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Hackers Hit Trend Micros ServerProtect
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


xv(VQΎSzɶlkmy[v:3gi(S$7IϷ% o˗sNm BPU(;vv/I KǘZd'{>Y"IwL#3yEG Ϡ^=dN-w5 E]0ezFv@LC᳑y^(1vR uɘqPWɈ^DQ_Fܨle0-ZAjR,!j 9a?xh=#@IR(cM.{H~P#4j$,oaX|؁_8ALDDF;$E%U5"p8$>vl={zn;J 1V9aTK]K{:$AQD2%v+6^@^ cLȁRh_ *Y2DFL$ ٪؁Y$ӤRcfx=8Qw^B]ݱ\.ϐ2_jt4Ԭ}kSźcG 5G]L0 -y~0[ E%$w5uQß|)~b>4'Ίܢn?C}mUuw#ϙ!z8y$ENX* ?q74LaHO LE3ˡ,kFp0閩lȺuWSҁZUZR,(ŃATyxx=DFI/jonFxPPdjMOr ])2!,rrnNsK׺iw[:>?iN}f%̐TT̠K`W: !㽩S==}m_tnsCNZǭ.g:PڟLm3H?ZU=?o!qb{ dP[w8Lwjt 3?\8Zן.$#mXOz'0io,Yn]eH&)ލXY|D͜4o ߦA&@ - :3vfHx۬1 rB„ԼgR49VϠ蟱$Wm4@r1XSl؅ RR?{IK ߪr@@jR~nV(+S%EI7#DD v<#r!DKI88{c/GsV g-j\Gg!feޜ,҅9]Wa oV\zcfMt;W~luͳLqHXx7Y`F-Y`\\67J 6kdZ+BE ~ @8ʍ?76m!S[ö@ .SjS+iaL>:NPGm0}B s:4N8>hH2AC66^lK 4}l>#a V83 4Bu@n!10'wLP#iwM۠h&r<5$FʦOM&@B9ǻޚ~(wzt 4,/O`\@Z9`$8ʼ m ¢Psԧr` Qm^3-m`Z`1 5:%ѥ6t^\HQzO dQJ dhO$@!-i]R@Az68 -8,rrl+ M􎄰b .<ҦBIKRx&,S,BV-KᗄPf9i2mń󍜈="`MfT`B[oKᅖ&RlY,*5U=(WS& MXN{c~bjkȑ3 rG#76ql9`n5҉<\y͏/S@}Q.j4뼜3N#k[}U߄T RsA|5i!WL yֹyBN{2 KFM'WR{*) T$1,g0d׌{Oq=;7Rt&ZC+>qi;[@Jg˲r 5fYV{-U%fcP*틟aik!|/~7 m_¬x顖39ϵD4$B]>@p.,YG#1~hϳahQsnw߱>K50_ܰ킡;ʅwLYZsX*j%R{5>k掭,0!.(2n( _ TW`bL0NaNcy9|I=Xvl.>q6*|h>JeH;~L C5,&{gm1Jhx=e\8,[b)0{O.#Všc=M\Sga5.HWMw!b|zjN BH= D+ه0`M Eg;6R>_B_wa /B>)ID ȸla,Ce9ִ&3t,yXM>QȚD£(MEVD.M{ \irˈpjXEJ < ġMDBYaT90l]x>L}굍VV0\}Дa˘30|qqF$kD(O4Yy j4A3 lVBS[O ϗ*bRfU`r 9L]Cp/qמ8ܱᶗ}Ө7 _>k냩ܦ[pC'>#\\aQacƖ4FXX/H]M;H̎GTJR?!!?$`TP9嫠E ӣzP{0s~J~;ufv94t]#@$/zb]rC XQV`3s;M*?bLg%:<!pwC*j>oԻ3ubH}:G:D`LEWY)iP9\QӲ+ZЁQ}?qkh豸6] QB|z0d&^WaY[ z^T yښO XsLJ1ር54f;N'wT/6 h)C06U{z@n)Z'ڽϚvhTr_D婛CIۛg|=~A-rF 7=_`%t/mAșY!ړuIt ^_U `,fqN epvN{5-`L'K{_=(UXc׃0 IG}wSW>yUmG6~ &zi%[ŜRx` f΄zlh;Eqj}}q 4 8"NZ?RMՉԾlpg-:%U>6 2`i0ޫtcܵs'q/D^7ONWg z]N{ F[DHv4r:e}%>\tnUh_$1^Zz0Fp'Bj^ϮYFx s|jބ77b `[&Iz?X<I];f7쐺CtnNZ7Yij ^/Ue fזvy8fV, @RPOh[#NJvZgp4{" B,B ]^aҏ"g(BSiDO§,v:49Sj6}EoJNnVx[LӷoHWYo|E?h[(KhLvrh%縥vI3\ebSP݅{_.Zr3 {y!^+ 7_"HtSϭC26 &5Wm O|'1%N1q0oBO&.;kց橩bJ<:<ad:.Y$y9'ʈ&H. 駢<%$;KB(lAͫ JÚmfyWj/϶n+=&l)8Za!|)Nr >n^`e>aQJiIw 볎Ԣᬖ^}+˼ ɏhu'81 ƻ<[VO~@0GW吜bn]i"6GIsFi:n;GT@(NVu2k=/ ,&:]W_v6}`Nȣ&k{x=c>^YlmDK쐃>;qvcϑ;~\AzswOɭ23Xsjptەc_Dr!NzH,Ɖ3LGN:#͋^4A ̯>w It^ vjpߋ|T意G ڽ9i3rs+nneue)t7qv)+evؽ̾,8-0Nd$4P$|^ͩ ۻȾ?_D\8%++w|72 q/n%P2^;pOܠcé}dOq45 ~y+lF!Y9Ө Lt;dkV, G]EW|ox!,' 4+.C7Q7*Nԧӆes&ʬ%vA)U@t ĸ[0eWPn=/ðlCOkC|lyRz5IL3Xx6vě\k>&x曉.l֩ܚ0a`Pir=Zgx4} d|;~b^+ \XQ ]6^$SY.G,1w}J5edvvHX)3 g$#|~v\ltѣ39|/C H̎c3`~ )V+` vQ'8>z3GܵGq?UY۠JHJdzfhH/%kfs:}(];xTjzH= :RPȫ+ScpX" ,᰾-ښapc`Sx>N?<֣k9&.ԱآAK`/AZ2Vb;[ h&kM୊ 6Dފޚd!K3+nϡjaS-c]-Sq`L$0t\jK]n9JW9.zrRQ*j6bC$ 2/E"Ȥ|5?nKƳ4\z;=ZUP#C&!j%媀5!+RbN!Auޒ ˯n 0ZO = CaLش%?2Y9@)H"!b\*QHp۲K %B⹊ Yy}c|aI9FDy "}Z6S9  YVs)+"|9m/fW6e3kROG0)s*LJ*O#h;qmJl.cv߱R>\ [qg5}U{ɍ4q!Ns[R"ڛ>{R@s:Y΃w`QcDշb7&PHiغ"?*M1%Gjځ)u]m uArfthlTlCN)Qr:zgYVb `''%`I(:|tlM Tj yԩSrjV?M505[Xi޺! +a|?KZ$Eýc?؎Zǰ{XS`A, qbqx{y/YDBH qcu<`~%B"lƶ564יjt#-N{8`.>>0 i)#L1me& MDoNƛ7!w)98@I6|MoL5B YoM_ص]jp^ߙ:$pfU5HGmbݓ/\ucd_1}{ "/VJ~yCpZfW8LdAfN?S!z1d]ďe:jKքt9sƖF=fѮFDŽ<+XSªXu9!?+"}mkgY7Ar:ұ3X:ðqL* ^;C'!A{#GYG]O:d6lcoMw%nx]>ܦtXc%qEW%6]cM?ف/I`Im{hM1䯩Z7ОVm`|@L@"n '@ִHV}ol[OsA|ԝ:N:ɍ{9Ҭ.auIXYX -.w?cblwJ@&pY$X$Eha`D9 i4Q Nu;4Rb0a?Sp<o5:^>X xY^x# Ey&EϬ9:MXqscw9X<Uy,B@j oOlۛiɥ^vx}m p&3u?1m3 dg/Tّԉ_gÇ1e5o_x1c븚e)d|K#7n`hŗ#wŷqfj7uT(~\-p~@tϡkxw7 l/`4S)^ [oނ6௺aqlaq$ EǕDnZ[-,%5VfH, $8&S=.U#*Nhf33quDs5{*.^rp8G f\9yv?Yͧ{4vjï~_r/UR7 yT[[_E0jZl2О$ߤKw qEx] ͉|= T׻wO/P5Ix4C (|17ta/{*xw(eA"h`_W es>7>kE_A--jgP?-$xJtV?FMC gcþŝG|CMz7,3L dFd,Nwh6O`aVfmM6F~HH}f'}'ߛ w;a8t*LI|kcu@)ώOcc ?"ݎxI/=DךRN|l:R *po?mqC~txx3nOR]Vjc!!h0OAw7,yq~r,zDo?m8у$_4k'3Js+A#샒=%h ,qx/"Ds 4n0?.(ΖaA2 D9"'"KIH*,]N|clml?QX2xLzmͤ<؎7Ѭљ6gMEfAȢi\sI bS+A~"^gZ:bK<& #zkPWsƌFSj9.=ɣ.j\S^*Z!ѤU)>並Ũt/jkb^hm;Xexfm;b/k mLJ8Ow| 􄼥޼tgO%Yq>/z<}UV> >'yr&cKЊ cG2Zs`miXI>H'̢ߊ%Ubϗm}P)ÿY{7|sZ`L˛i_31F~ŷn(lC;b21C\.G9CךH8ʿI("*@`*-5C!L)%D7UI8FoL- b\ ʙw}V8ĭ1d@ |dbBKl͒s\jfN:We_ g>򽉁0uScN2SΥiAZ\?& .ycI xhW(evt…9 1º/#}|AaZ 3+VR SB`j_)9#z'$1K1yFy}T+,L,cy4W )S / x KuO1>50 }a3br5cѼBN;7INoZ-t=i_ڝ+rԺU"lkni|[s9rܹrھj]ߴzƩLSe&E`4y2 WSr=Zqm.4 /"G}Yb*wDU Ccqv^cg|,ڽ5E6e1DU@ 904!~pڽ/kJ9ٝ%/KcySw&h5{Q`1D 'M&7 )nu:U+Mj^+Q_m^;^WȿMwV# NZ+!xy)t}}Oۙy{y~$h+CLjE>^n" Y/Vٮqb|.+ /W^%r}.+ y?/?/W'Պ_}+!|E _+/!rE>ՊZ!?W0~W+ƯwVY:_:+5 +ܬ.]wE{^ WC>gU+ڿ]- Kub 9k^픊hE~)8Z/2U+ Oa uu"W賲+Vڍ ~-2z˅L+_uW{%̭L_ǝBX\ #ύ%%+_pۭ]+}:c|"xb#6»8xEqZ& 3l?V\[[,Oнۺ{' Jݓs+z`Oc_Lb}+r>VDV/q&R2O̜Y* 4Ⱦ6q-cO,Wn#=DzԦ`Gaxq0:ۓ{o].wpSh7OepK*􋇎` K})nmG;}hOf-0v`;w6 K췡^2AH[N\Lv}~hQZg_4LxޢURW&GG&>iucj2cy33 @%!:i@1 O;8P2b'uqTtr@.>'LS mL&m\ʠaC3؜9Nij[z0 c|򷁞gji }bq0X9shޠz4}z8Ҿ6%ǐ e] :/ tq n#QS Z~k0FY@Z'i^:a1q&F\11𲙄a̟nr0m&ĴG`ŤA>`h$d-$Gb@꯿H`Xk/r7Bf3Zfr{^f$jA+_ac˙; 0Jq} }]pz5s± Exwqg/?Hy$Gl;bkް %uಓ+'cY=g MĮ fAj|aGI LfKH\!L\&l/[l,^)1K 54I ߁93r^ {PN`>x(8bYאY,&Jh݄wJ-P%.n2!<t<&QᏯ霰)#,L$Xm)Ӿf,ӣuǎg}K3<(xkläL[LF\gȌk]聋gj :BQF& v='ID/h˦EMfάP{j9.KPRJVr. ?.ՄfwU&b1?0x!$5>,D*_yzH1|tloMT*L[3 |qCcc'L읚f%r1abV!qmeFۧ7-[7'@<}kc'pgخ;q^gt#>Ƌrd{Ko fW3$+E`7g+~" Vś,a5V?`(Z| Ӽ'|~d}Oןe%\#dܨo`oDl n Ԣ?Ng(\*]S)ۉYbd霙F9~(@P 9^BeY^|:y-.Efuݎ2B2epCikRs c4|vl~EJJlH2m5'0X1'(R'Qfozԛ'TxUHF>-h\l}{Mv,S0EiѸ;3E~c-pPf|.+*玅Z 12Ko$֬=LE,5Rb8(G-zk|F 9TMhc{pfa&'CG# τ T4}|j9]Hȱ`,Hv"V|8)ҡCAؚB>eSgN܌DŽ2+"4poq=dzИJȆw# sgGsayq@Ԃ+NNEg@|OI4{b%)ʧ=Ef+A!. ǎsg]\ Nm9$w'uW?N^ 20l/#e'^&-x̴~g~bu 0n";j@V ΰG2'Q (cfg#CӌATB4BK3jܴHsqA)/HI(^J+ٷb(1j-o4EJWuN[d><$|2A %Z+u`mDcS`u hǭ&NE[A= kꐩf+8<ds>ɂ5_EbaOO{y/>3#TRr1a<"ėsciOxpHaQr%a_ >lTpFYJJej_6E IňANvB 93,y^[$+}a yqx w3sr)rSe7[KTԤ{(w|=q?]HaA F(ӹ9iA0VXI,YZ^f7Q\M1 XCXxղZI,! X!m!%ɁR0:Ҙ0z+\̆mJ [2#3M-NBLB^Z(