Hackers target vulnerable 6112 ports
Source: Vnunet
Mysterious hackers are targeting PCs with vulnerable 6112 ports, security authority the Sans Institute said this week.
The number of scans destined for port 6112 (dtspc) have increased fivefold since 21 January and Sans believes that this is because exploits exist for vulnerabilities on this port and systems are being compromised and backdoored. vnunet.com reported that this port was being actively exploited last week.
"The rootkits that have been discovered varied in style and naming, which usually indicates that they were installed by different parties," said a Sans spokesman. But he added that "worm like activity has not yet been seen in the wild".
However, the combination of details is enough to "cause concern", the spokesman said. Recommendations for reducing the risk from such vulnerabilities are available from the Computer Emergency Response Team, here, and the Honeynet Project has also provided information.