Agobot.FO Backdoor Detection

critical Nessus Plugin ID 12128

Language:

Synopsis

The remote host has a backdoor installed.

Description

The remote host has the Agobot.FO backdoor installed. This backdoor is known to:

- Scan local networks for common Microsoft vulnerabilities.

- Scan local networks for exploitable DameWare systems.

- Brute force local Microsoft machine User accounts.

- Connect to an IRC channel and setup a BOT for remote command execution.

Solution

This backdoor should be immediately removed from the network and manually cleaned.

See Also

https://www.f-secure.com/v-descs/agobot_fo.shtml

Plugin Details

Severity: Critical

ID: 12128

File Name: agobot_fo.nasl

Version: 1.11

Type: remote

Family: Backdoors

Published: 4/5/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C