On Monday, Symantec’s DeepSight Threat network detected a very high level of unusual traffic on TCP port 5000, indicating that a worm is at work. The latest alert, which notes “extremely heavy activity” on port 5000, is “almost certainly a worm-related activity,” said Alfred Huger, the vice president of engineering for Symantec’s virus watch group. The suspected culprit is the Kibuv.b worm, which hit the Internet over the weekend and exploits a vulnerability in the Universal Plug and Play (UPnP) service in Windows 98, Me, and XP. The UPnP vulnerability was first disclosed and patched in late 2001. “Kibuv.b is taking advantage of a long-ago-patched vulnerability,” said Huger, “but we don’t consider it a critical threat at the moment.”