A surge in scanning on a port associated with a Windows flaw patched last week suggests that a mass worm attack may be imminent, experts said.
A rise in activity on TCP Port 445 could be a sign that hackers are trying to exploit a flaw in Server Message Block, Gartner analyst John Pescatore said Thursday.
"Increased scanning does not always mean an attack will happen, but it greatly increases the odds that one will," Pescatore said. "I don't think this has a high probability of a worm, but if people get lax about patching the odds of worms goes way, way up."
Like would-be burglars knocking on doors looking for a likely target, Internet intruders sometimes scan random computers to see if a particular network port is available, as a precursor to attack.
TCP Port 445 is used by SMB, which Windows uses to share files, printers and serial ports, and to communicate between computers. Microsoft recently released a fix for the "critical" vulnerability in the protocol as part of its monthly patch cycle.
Increased port scanning has preceded major worm outbreaks in the past, Pescatore said. Alfred Huger, a senior director at Symantec Security Response, also said that a worm could be on its way.
Users should patch their systems as soon as possible, they both said.
However, Pescatore and Huger also noted that port scanning by suspected hackers is common after Microsoft discloses vulnerabilities. Furthermore, this particular Windows flaw is not easy to exploit, so the scanning may not be an ominous sign at all.
Symantec saw a spike in scanning on TCP Port 445 last week, but the probing of the port has since gone back to normal levels, Huger said. "I don't think we should be screaming the barn is burning by any means," he said.
Microsoft is not aware of any active attempts to exploit any Microsoft vulnerabilities via TCP Port 445, a company representative said Thursday. Also, the software maker has not received any indication of malicious activity associated with the security vulnerability that affects SMB, the representative noted.