Attackers are probing for Windows servers running Trend Micro Inc.‘s ServerProtect antivirus software, researchers warned.

Early today, Symantec Corp.‘s DeepSight threat network monitored a major spike in traffic over TCP port 5168, which is related to the remote procedure call service in ServerProtect. “This may indicate an ongoing mass-scanning and exploitation attempt trying to exploit vulnerable systems for the newly disclosed vulnerabilities,” said Symantec analyst Pukhraj Singh in an alert issued to corporate customers.

Continues at