Port 25 Details
known port assignments and vulnerabilities
| Port(s) | Protocol | Service | Details | Source |
|---|---|---|---|---|
| 25 | tcp | SMTP | SMTP (Simple Mail Transfer Protocol). Many worms contain their own SMTP engine and use it to propagate by mass-mailing the payload, often also spoofing the "From: ..." field in emails. If you are not running a mail server that you're aware of, there is a possibility your system is infected.<br>Integer overflow in Apple Safari [CVE-2010-1099], Arora [CVE-2010-1100], Alexander Clauss iCab [CVE-2010-1101], OmniWeb [CVE-2010-1102], Stainless [CVE-2010-1103] allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.<br>List of some trojan horses/backdoors that use this port: Ajan, Antigen, Barok, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy, Aji, Email Worms, Haebu Coceda, Loveletter, Neabi, Shtrilitz.<br>W32.Sober.I@mm [Symantec-2004-111900-1451-99] (2004.11.19) - mass-mailing worm that uses its own SMTP engine. Affects all current Windows versions. Checks network connectivity by contacting an NTP server on port 37/tcp.<br>Trojan.Mitglieder.R [Symantec-2005-070117-2559-99] (2005.07.01) - trojan with backdoor capabilities. It runs a SOCKS4 proxy server and periodically contacts websites with information about the compromised computer. Attempts to open a back door on port 9040/tcp. Might also initiate an SMTP spam relay server on port 25/tcp.<br>W32.Beagle.CX@mm [Symantec-2005-121511-1751-99] (2005.12.15) - mass-mailing worm that uses its own SMTP engine to spread Trojan.Lodear.E [Symantec-2005-110111-3344-99]. Also opens a backdoor on port 80/tcp and lowers security settings on the compromised computer.<br>Backdoor.Rustock [Symantec-2006-060111-5747-99] (2006.06.01) - backdoor program that allows the compromised computer to be used as a proxy; it uses rootkit techniques to hide its files and registry entries.<br>NJStar Communicator is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the MiniSMTP server when processing packets. By sending a specially-crafted request to TCP port 25, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.<br>References: [CVE-2011-4040], [XFDB-71086], [BID-50452]<br>Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended.<br>References: [CVE-2021-43270]<br>Trojan.Win32.Barjac / Remote Stack Buffer Overflow - Trojan.Win32.Barjac makes an SMTP connection to port 25; upon processing the server response we control, we overwrite the instruction pointer (EIP), undermining the integrity of the trojan.<br>References: [MVID-2021-0011] | SG |
| 25 | udp | games | Final Fantasy XI | SG |
| 25 | tcp | | Simple Mail Transfer Protocol (SMTP) - used for e-mail routing between mail servers (official) | Wikipedia |
| 25 | tcp | trojan | Antigen, Barok, BSE, Email Password Sender, Gip, Laocoon, Magic Horse, MBT, Moscow Email trojan, Nimda, Shtirlitz, Stukach, Tapiras, WinPC | Trojans |
| 25 | tcp,udp | applications | SMTP | Portforward |
| 25 | tcp | Ajan | [trojan] Ajan | Neophasis |
| 25 | tcp | Antigen | [trojan] Antigen | Neophasis |
| 25 | tcp | Barok | [trojan] Barok | Neophasis |
| 25 | tcp | BSE | [trojan] BSE | Neophasis |
| 25 | tcp | EmailPasswordSender | [trojan] Email Password Sender - EPS | Neophasis |
| 25 | tcp | EPSII | [trojan] EPS II | Neophasis |
| 25 | tcp | Gip | [trojan] Gip | Neophasis |
| 25 | tcp | Gris | [trojan] Gris | Neophasis |
| 25 | tcp | Happy99 | [trojan] Happy99 | Neophasis |
| 25 | tcp | Hpteammail | [trojan] Hpteam mail | Neophasis |
| 25 | tcp | Hybris | [trojan] Hybris | Neophasis |
| 25 | tcp | Iloveyou | [trojan] I love you | Neophasis |
| 25 | tcp | Kuang2 | [trojan] Kuang2 | Neophasis |
| 25 | tcp | MagicHorse | [trojan] Magic Horse | Neophasis |
| 25 | tcp | MBTMailBombingTrojan | [trojan] MBT (Mail Bombing Trojan) | Neophasis |
| 25 | tcp | MBT | [trojan] MBT (Mail Bombing Trojan) | Neophasis |
| 25 | tcp | MoscowEmailtrojan | [trojan] Moscow Email trojan | Neophasis |
| 25 | tcp | Naebi | [trojan] Naebi | Neophasis |
| 25 | tcp | NewAptworm | [trojan] NewApt worm | Neophasis |
| 25 | tcp | ProMailtrojan | [trojan] ProMail trojan | Neophasis |
| 25 | tcp | Shtirlitz | [trojan] Shtirlitz | Neophasis |
| 25 | tcp | Stealth | [trojan] Stealth | Neophasis |
| 25 | tcp | Stukach | [trojan] Stukach | Neophasis |
| 25 | tcp | Tapiras | [trojan] Tapiras | Neophasis |
| 25 | tcp | Terminator | [trojan] Terminator | Neophasis |
| 25 | tcp | WinPC | [trojan] WinPC | Neophasis |
| 25 | tcp | WinSpy | [trojan] WinSpy | Neophasis |
| 25 | tcp | threat | Ajan | Bekkoame |
| 25 | tcp | threat | Antigen | Bekkoame |
| 25 | tcp | threat | Bancos | Bekkoame |
| 25 | tcp | threat | Barok | Bekkoame |
| 25 | tcp | threat | Chimo | Bekkoame |
| 25 | tcp | threat | Email Password Sender - EPS | Bekkoame |
| 25 | tcp | threat | EPS II | Bekkoame |
| 25 | tcp | threat | Gip | Bekkoame |
| 25 | tcp | threat | Gris | Bekkoame |
| 25 | tcp | threat | Happy99 | Bekkoame |
| 25 | tcp | threat | Hpteam mail | Bekkoame |
| 25 | tcp | threat | Hybris | Bekkoame |
| 25 | tcp | threat | I love you | Bekkoame |
| 25 | tcp | threat | Kuang2 | Bekkoame |
| 25 | tcp | threat | Magic Horse | Bekkoame |
| 25 | tcp | threat | MBT (Mail Bombing Trojan) | Bekkoame |
| 25 | tcp | threat | Mitglieder | Bekkoame |
| 25 | tcp | threat | Moscow Email trojan | Bekkoame |
| 25 | tcp | threat | Naebi | Bekkoame |
| 25 | tcp | threat | NewApt worm | Bekkoame |
| 25 | tcp | threat | ProMail trojan | Bekkoame |
| 25 | tcp | threat | Rustock | Bekkoame |
| 25 | tcp | threat | Shtirlitz | Bekkoame |
| 25 | tcp | threat | Stealth | Bekkoame |
| 25 | tcp | threat | Tapiras | Bekkoame |
| 25 | tcp | threat | Terminator | Bekkoame |
| 25 | tcp | threat | W32.Beagle | Bekkoame |
| 25 | tcp | threat | W32.HLLP.Sality | Bekkoame |
| 25 | tcp | threat | WinPC | Bekkoame |
| 25 | tcp | threat | WinSpy | Bekkoame |
| 25 | tcp,udp | smtp | Simple Mail Transfer [RFC5321], modified: 2017-06-05 | IANA |

63 records found
Related ports: 26 110 143 125 465 2525 110 443