Hackers Hit Trend Micros ServerProtect
Security researchers warn of increased activity over TCP port 5168 associated with ServerProtect.Hackers have set their sights on security vendor Trend Micros ServerProtect. Several security researchers have noted a massive increase of activity over TCP port 5168 connected with ServerProtect, an anti-virus software product for servers that had a number of vulnerabilities publicly disclosed earlier the week of Aug. 20. All of the vulnerabilities, which could lead to remote code execution, have been patched and the security fixes are available to customers. "Various people are abuzz trying to figure out what malware is behind this," Jose Nazario, senior security researcher at Arbor Networks, in Lexington, Mass., wrote on a company blog. "At present it seems to be a botnet causing all of the havoc."
Officials at Symantec, in Cupertino, Calif., said in an alert Aug. 23 that they have observed active exploitation of a Trend Micro ServerProtect vulnerability affecting the ServerProtect service on a DeepSight honey pot and are checking to see what vulnerability had been targeted.