Trojan/Backdoor - Warbot Detection

critical Nessus Network Monitor Plugin ID 5549

Synopsis

The remote host has been compromised and is running a 'Backdoor' program

Description

A host is making HTTP requests that are formatted as a Warbot command would be. This is indicitive of an infection by the Warbot trojan. The Warbot trojan allows for arbitrary code to be executed on the system, as well as enables it to be used in various DDoS attacks.

Solution

Update your Antivirus and perform a full scan of the remote operating system.

See Also

http://www.symantec.com/security_response/writeup.jsp?docid=2010-041613-5923-99&tabid=2

Plugin Details

Severity: Critical

ID: 5549

Family: Backdoors

Published: 5/24/2010

Updated: 1/15/2016