Malware Shifts to New Port Range

Friday, August 9, 2013 @ 03:08 PM gHale


The developers of the peer-to-peer (P2P) version of the ZeuS malware called GameOver are now migrating the P2P protocol to a new port range.

The old variants of GameOver used the UDP port range from 10000 to 30000 for command and control activities, said researchers at Damballa. The new variants spotted by researchers utilize the 1024 – 10000 range.


“During the transition period, you may observe ports being used across both the old and the new port ranges as older versions are being updated to use the new port range,” said John Jerrim, Damballa senior researcher scientist, in a blog post.

The most recent versions of the malware use the new port range, Jerrim said. Existing compromised hosts will also update to use the 1024 – 10000 range.

The decision to change the port range comes in response to a detailed analysis of the threat published in June 2013 by Poland’s Computer Emergency Response Team (CERT).
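
As an added example (not from Damballa or the original article), the following Python groups outbound UDP flows per internal host and labels each host by whether its peers sit in the old range, the new range, or both, which is the transition pattern Jerrim describes. The flow tuple layout, the `MIN_PEERS` fan-out threshold, the function names and the sample flows are assumptions made for illustration; a port range alone also matches plenty of legitimate UDP traffic, so the output is a triage list rather than a verdict.

```python
from collections import defaultdict

# Port ranges as reported in the article. Port 10000 appears in both stated
# ranges, so it is tracked separately and never decides a label on its own.
NEW_RANGE = range(1024, 10000)     # 1024..9999
OLD_RANGE = range(10001, 30001)    # 10001..30000
BOUNDARY_PORT = 10000
MIN_PEERS = 5  # assumed fan-out threshold; tune for the monitored network

# Constructed sample flows: (internal_host, proto, remote_ip, remote_port)
SAMPLE_FLOWS = (
    [("10.0.0.5", "udp", f"198.51.100.{i}", 12000 + i) for i in range(6)]
    + [("10.0.0.6", "udp", f"203.0.113.{i}", 2000 + i) for i in range(6)]
    + [("10.0.0.7", "udp", f"192.0.2.{i}", 15000 + i) for i in range(3)]
    + [("10.0.0.7", "udp", f"192.0.2.{i + 10}", 4000 + i) for i in range(3)]
    + [("10.0.0.8", "udp", "192.0.2.53", 5353),
       ("10.0.0.8", "tcp", "192.0.2.80", 8080)]
)

def bucket(port):
    """Map a remote UDP port to 'new', 'old', 'boundary', or None."""
    if port == BOUNDARY_PORT:
        return "boundary"
    if port in NEW_RANGE:
        return "new"
    if port in OLD_RANGE:
        return "old"
    return None

def classify_hosts(flows, min_peers=MIN_PEERS):
    """Label each internal host by which range(s) its UDP peers use."""
    peers = defaultdict(lambda: defaultdict(set))
    for host, proto, remote_ip, remote_port in flows:
        name = bucket(remote_port) if proto.lower() == "udp" else None
        if name:
            peers[host][name].add((remote_ip, remote_port))
    report = {}
    for host, seen in peers.items():
        old, new, edge = (len(seen[k]) for k in ("old", "new", "boundary"))
        if old + new + edge < min_peers:
            continue  # too few distinct peers to resemble P2P fan-out
        label = ("transition" if old and new else "new-range" if new
                 else "old-range" if old else "boundary-only")
        report[host] = {"label": label, "old": old, "new": new, "boundary": edge}
    return report

if __name__ == "__main__":
    for host, info in sorted(classify_hosts(SAMPLE_FLOWS).items()):
        print(host, info)
```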


