On 9/15/05, Joanna Roman <[EMAIL PROTECTED]> wrote: > > > Whoever is about to submit the spywares, may I ask > whether those spywares come in via port 80 or port 21 > ? > >
95% of the spyware I have dealt with sends out data from itself on one of 3 channels: 1) 80/tcp 2) 443/tcp 3) 53/tcp or udp The rest of it sends out data via some other port (8080, 6667, choose something on the day). Getting the spyware is usually done via port 80. Although the really bad spyware which is mostly malware may get downloaded from port 443, 8080 or some random port on a compromised botnet. I have not seen much FTP these days... but it was only about 100 or so tools I looked at, and I know that is a small subset of some of this crap. -- Stephen J Smoogen. CSIRT/Linux System Administrator _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
