Does anyone know of a web site or database that allows searching for known viruses/trojans/malware by port?
I'm thinking like an /etc/services for malware...
The Internet Storm Center is definitely lacking here... And the malware they do list is old. (They don't even list the Sobig variants on 2280 and 3380.)
AV vendors (Symantec, CA, F-Secure) permit searching by name, but not port.
For example:
2280-2285/tcp is Sobig-E
Perhaps even breaking it down by running application:
sobig-e 2280/tcp # worm
sobig-e-telnet 2281/tcp # worm
sobig-e-http 2282/tcp # worm
sobig-e-ftp 2283/tcp # worm
sobig-e-pop3 2284/tcp # worm
sobig-e-smtp 2285/tcp # worm
Pointers would be helpful.
Thanks!
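An added example, not part of the original post: a small parser for the /etc/services-style layout proposed above, indexed by port so observed listeners can be checked against it. The function names and the list of observed sockets are constructed for illustration; the entries are the ones given in the post.

```python
import re
from collections import defaultdict

# Constructed sample in /etc/services layout, using the entries from the post.
MALWARE_SERVICES = """\
# name            port/proto   # category
sobig-e           2280/tcp     # worm
sobig-e-telnet    2281/tcp     # worm
sobig-e-http      2282/tcp     # worm
sobig-e-ftp       2283/tcp     # worm
sobig-e-pop3      2284/tcp     # worm
sobig-e-smtp      2285/tcp     # worm
"""

# name, port/proto, optional aliases, optional "# comment"
LINE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\b([^#]*)(?:#\s*(.*))?$", re.I)

def parse_services(text):
    """Return {(port, proto): [(name, category), ...]} from services-style text."""
    index = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {raw!r}")
        name, port, proto, _aliases, comment = m.groups()
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {raw!r}")
        index[(port, proto.lower())].append((name, (comment or "").strip()))
    return dict(index)

def flag_listeners(listeners, index):
    """Return (port, proto, name, category) for each listener on a listed port."""
    hits = []
    for port, proto in listeners:
        for name, category in index.get((port, proto.lower()), []):
            hits.append((port, proto.lower(), name, category))
    return hits

if __name__ == "__main__":
    index = parse_services(MALWARE_SERVICES)
    # Constructed list of listening sockets, e.g. as collected from netstat output.
    observed = [(22, "tcp"), (2282, "tcp"), (2285, "TCP"), (2280, "udp")]
    for hit in flag_listeners(observed, index):
        print("%d/%s %s (%s)" % hit)
```

A port match is only a lead: legitimate software can listen on the same ports, so confirm against the owning process before treating a hit as an infection.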