From: "Andreas Moroder" <[email protected]> | Hello,
| on our PCs we have this small scripts | c:\prog\bin\wget -Nnv ftp://svc-ftpticket/ticket/download/* | that downloads from a server to the PC the contents of a directory when | the content of the source is newer. | Sometimes on the client our McAfee antivirus systems generates a warning | telling us, that wget tries to connect to our server using the port 666x | ( where x i 6, 7 or 8 ). | Can anyone please tell why wget uses this ports and how I can stop this | ? Why does it happen only sometimes ? | Thanks | Andreas Sounds like McAfee is flagging the TCP data at port 6666 ~ 6668 as possible IRC communications. Many BOTS use IRC for C2. I think SubSeven uses a port in that range. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
