w32.spybot.fcd Worm Infection Detection

High Nessus Plugin ID 15520


A worm was detected on the remote Windows host.


The remote system is infected with a variant of the worm w32.spybot.fcd. Infected systems scan their own subnet for vulnerable systems in order to spread, building a botnet that has been used for purposes such as DDoS attacks.


Remove the worm from this system. Reinstall the operating system if necessary.


Plugin Details

Severity: High

ID: 15520

File Name: w32_spybot_worm_variant.nasl

Version: $Revision: 1.20 $

Type: remote

Family: Backdoors

Published: 2004/10/20

Modified: 2012/09/27

Dependencies: 11936, 17975

Risk Information

Risk Factor: High


Base Score: 9.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:C

Vulnerability Information

Excluded KB Items: fake_identd/113