Zotob Worm Infection (Microsoft)

Nessus Network Monitor Plugin ID 3164 (Critical)

Synopsis

The remote host has a backdoor installed.

Description

A Microsoft Windows shell is running on port 8888. This may indicate an infection by the Zotob worm, although other worms may also create a shell on this host.

The remote host has been compromised.

Solution

Manually inspect and repair this system.

See Also

http://www.microsoft.com/presspass/press/2005/aug05/08-16zotob.mspx

http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.a.html

Plugin Details

Severity: Critical

ID: 3164

Family: Backdoors

Published: 8/16/2005

Updated: 1/15/2016

Nessus ID: 19429