TCP Port 559
Used as a spam proxy and as the backdoor port created by the Domwis trojan.
Domwis is a trojan that allows hackers remote access to your computer, but we
have also seen proxy scans on TCP port 559 which would indicate that
unauthorized proxies might also be installed on 559 similar to
TCP port 65506. TCP port 559 should be
blocked by your firewall by default.
Outbound scans especially if occurring in volume should be considered an indication of a
possible infection or compromise on the source computer and should be
PortPeeker TCP Port 559 traffic Captures
Symantec Domwis Trojan write up
Page last updated on
May 10, 2004