Port 60479 — Unassigned Ephemeral Port

What This Port Is

Port 60479 belongs to the dynamic or ephemeral port range: 49152–65535.¹ These ports have no official assignments and never will. The Internet set aside this entire range (16,384 ports total) specifically for temporary, private, and automatic use. When your browser opens a connection to a web server, the operating system grabs an ephemeral port from this range for the client end of that connection. Once the conversation ends, the port is released and recycled.

Port 60479 has no registered service. On any given system, nothing official should be listening on it.

Known Unofficial Uses

Security researchers have documented port 60479 in connection with Trojan.DownLoader34.3753, a trojan downloader detected by Dr.Web antivirus.² This malware uses port 60479 (among dozens of others in the 60466–60496 range) for local communication on infected systems, specifically for communicating with the trojan's command infrastructure on localhost. The malware injects code into system processes like svchost.exe and iexplore.exe, and has capabilities for creating Tor-based communication channels.

This is not a legitimate use of the port. If port 60479 is actively listening on your system, it indicates a serious security problem.

How to Check What's Listening

Use these tools to see what's actually using the port on your machine:

On Linux/macOS:

# Check what's listening on port 60479
lsof -i :60479

# Or use netstat
netstat -tulpn | grep 60479

On Windows:

# List all listening ports and the processes using them
netstat -ano | findstr 60479

# Or check with PowerShell
Get-NetTCPConnection -LocalPort 60479

If you see a listening process on this port and you didn't explicitly start it, this is a red flag.

Why Unassigned Ports Matter

The ephemeral range exists so the Internet can function. Billions of temporary connections need temporary ports, and the system works because:

1. They're guaranteed unassigned — No protocol or service will ever officially claim port 60479, so the operating system can safely use it
2. They're private — Your system assigns them; they're not routed across the public Internet
3. They're temporary — The port lives only as long as the connection needs it, then returns to the pool

This makes the ephemeral range both essential and dangerous. Malware exploits these ports precisely because they're unassigned and invisible to port registries. A trojan can use them for command-and-control communication on localhost without triggering obvious registry-based detection.

The presence of malware on port 60479 doesn't mean the port is bad. It means malware was bad enough to infect your system. The port itself is just the door the infection used to talk to itself.

If You See Activity on Port 60479

This almost certainly indicates malware. Legitimate applications should not be using this random ephemeral port. If your security tools or firewall logs show activity on this port:

1. Run a full antivirus and anti-malware scan immediately
2. Consider the system compromised until scans confirm otherwise
3. Block the port at your firewall while investigating
4. Check system startup processes for suspicious entries