Event ID - 1167

Port No1167
Service NamePhone
RFC Doc0
ProtocolUDP
DescriptionThis port is used when client is makes phone call to perticular destination hard phone or softphone.
Reference LinkMore Information From Symentec

J-Security Center
AttackName:Crazzynet

Crazzynet is a backdoor Trojan that infects vulnerable Microsoft Windows operating systems.

Once the Crazzynet server is launched, it copies itself to the Windows directory using the filename, Registry32.exe. It monitors TCP port 954 for an incoming connection. Registry auto-run keys are added so that the Trojan server part is executed whenever Windows starts.

Through the Crazzynet client, an attacker could perform malicious actions including obtain passwords, modify and retrieve system settings, record keystrokes, upload and download files, and execute files.

There are several Backdoor detection programs on the market that are said to be able to scan for and detect a Backdoor Crazzynet server on your system. Some of the better known AntiVirus vendors have included detection strings in their virus definitions.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.