Zotob Worm Detection

Critical | Nessus Plugin ID 19429

Synopsis

The remote host may have been compromised by a worm.

Description

A Microsoft Windows shell is running on port 8888. This may indicate an infection by the Zotob worm, although other worms may also create a shell on this port.

Solution

Verify whether the remote host has been compromised, and reinstall the system if necessary.

See Also

http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.a.html

http://www.microsoft.com/presspass/press/2005/aug05/08-16zotob.mspx

Plugin Details

Severity: Critical

ID: 19429

File Name: zotob_detection.nasl

Version: 1.10

Type: remote

Family: Backdoors

Published: 8/16/2005

Updated: 11/25/2019

Asset Inventory: true

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C