en_GB http://tobyinkster.co.uk/article/nmap/ ====<br> <p>The following is an nmap-services file that can be used in conjuction with nmap to hunt for viruses on a network. It can&#8217;t find all viruses &#8212; only those ones that open a <span class="caps">TCP </span>or <span class="caps">UDP </span>port as a backdoor &#8212; so only use it as <strong>a small part</strong> of the overall defense for your network. I won&#8217;t bother explaining how to use it &#8212; if you don&#8217;t know how then you probably shouldn&#8217;t be using it. It could potentially be used for good or evil. I use it for the former.</p> <pre># List of ports used by malware #<br> # Note: some of these have legitimate uses too. These are given<br> # as [bracketed] comments where known.<br> #<br> # Also, tonnes of trojans use common ports such as 21, 25, 80, etc.<br> # I have generally left these out as they&#8217;ll result in tonnes of<br> # false-positives. <p>Blaster 69/udp # [tftp]<br> Sobig 995/udp #<br> Sobig 996/udp #<br> Sobig 997/udp #<br> Sobig 998/udp #<br> Sobig 999/udp #<br> MyDoom 1080/tcp # bugbear, [some proxies]<br> Ultor &#8230;</p>