Port 9875 is a port often associated with setting up VoIP (voice over IP) communications. The port is also notorious as an attack vector for the Portal of Doom Trojan horse; as a result, port 9875 is sometimes referred to as the Port of Doom.
Port 9875 is registered with the Internet Assigned Numbers Authority (IANA) for session announcement. The session announcement protocol (SAP) defines the format and describes the information that will be exchanged during a multicast conferencing session. The VoIP system traffic directed to the port communicates the start and stop of a session if this is the port expected by the system. Port 9875 uses the IP network standard TCP (Transmission Control Protocol), which guarantees the delivery of data packets in the order in which they were sent.
Malicious hackers can use the Portal of Doom Trojan to look for sensitive data, such as credit card numbers and information that enables identity theft, or just to cause mischief. The Trojan can enter without causing any behavior that alerts the user and does not have to trick the user into running an executable file manually.