This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Worm Hobbit - Port 2337 Outlook.exe

Any ideas why Outlook would be using a non standard port? Wonder if anyone can help.

I have ran a GFI LANguard vulnerability scan on my local network.

GFI has detected that my computer has port 2337, which it has associated with a trojan port. I used the netstat -p -ano to pull back a list of ports with their process IDs. Then checked the PID against the task manager PID column, which returned the process as Outlook.exe using port 2337.

Note, my computer is the only one in the company with port 2337 open.

This port is associated with worm hobbit. I have ran a full system scan on my machine using Sophos and it has detected nothing.

This thread was automatically locked due to age.

Parents

0 jak over 14 years ago

Hi,

On Windows at least, port 2337 is just an ephemeral port (http://en.wikipedia.org/wiki/Ephemeral_port ) assigned by the OS to applications as requested.

A process could explicitly listen on it providing that the OS hadn't already assigned it, which I assume is what the malware that uses this port does.

If you wait long enough another process will be assigned this port. It's nothing malicious, unless the process that is using it is malicious.

Regards,

Jak

:16065
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jak over 14 years ago

Hi,

On Windows at least, port 2337 is just an ephemeral port (http://en.wikipedia.org/wiki/Ephemeral_port ) assigned by the OS to applications as requested.

A process could explicitly listen on it providing that the OS hadn't already assigned it, which I assume is what the malware that uses this port does.

If you wait long enough another process will be assigned this port. It's nothing malicious, unless the process that is using it is malicious.

Regards,

Jak

:16065
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data