Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Port 20168, Windows Update Virus.

Dec 10, 2003 11:44PM PST

IMPORTANT: One of our mail servers is listed in spamcop's database. If you are using bl.spamcop.net to filter my, see http://www.spamcop.net/bl and reevaluate its use for production systems.

Port 20168 Traffic

Given a recent discussion on our Intrusions list, spikes in traffic to this port can be attributed to a worm which uses this port for tftp file transfers of the worm code. If you see excessive traffic on this port, you may have an infected system on your network.

Windows Update Virus

We received several reports about a new version of a Windows update virus. Like previous similar viruses, this one claims to come from Microsoft and includes a zip file users are asked to execute. In particular as many filters do not strip zip files, you may remind users that Microsoft will never distribute patches via e-mail.

More: http://isc.sans.org/diary.html?date=2003-12-11

Discussion is locked