Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Internet travelers should beware of Ibiza

Feb 14, 2004 11:34AM PST

Security firm iDefense is warning Internet users about a new Trojan horse program, known as Ibiza-A, that exploits a vulnerability in Microsoft's Internet Explorer (IE) web browser for which no fix currently exists. According to iDefense, the Trojan has infected at least 5,000 computers as of February 13, 2004. Users can only be affected if they click on a link that appears to lead to a travel-related website; once a machine has been infected, Ibiza downloads and installs additional code, changes the Windows registry, and opens TCP port 10002 to listen for commands from its author. To protect themselves, users could utilize different browsers such as Mozilla or Opera or only visit websites they trust.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci950421,00.html

Discussion is locked

- Collapse -
Re:Internet travelers should beware of Ibiza
Feb 14, 2004 4:52PM PST

Hello Donna,

Are you able to tell me whether I am protected if I have my firewall (Sygate Personal - free version)set to ask for permission to access the net??

I currently have most applications set to ask and only certain program (i.e. virus set for automatic access.

If I have to actally close the port, apparently I need to select both the local port and remote port. Is the remote port the 10002 mentioned above??

Thanks, Lesley

- Collapse -
Re:Re:Internet travelers should beware of Ibiza
Feb 14, 2004 7:21PM PST
Are you able to tell me whether I am protected if I have my firewall (Sygate Personal - free version)set to ask for permission to access the net??
It can help but not 100% until your on-access antivirus has added protection for Ibiza trojan. Since you are in control which of the applications will have access to the net, again... it can help.

As per http://www.iana.org/assignments/port-numbers , port #10002 is an Unassigned port which should not be use. I suggest that you review the firewall rules and make sure that it is not in use or if it is in use, make sure it is blocked to communicate for TCP>inbound.

If I have to actally close the port, apparently I need to select both the local port and remote port. Is the remote port the 10002 mentioned above??
Choose local port (TCP>inbound).

HTH
Happy