Zotob Worm Detection

Critical Nessus Plugin ID 19429


The remote host may have been compromised by a worm.


A Microsoft Windows shell is running on port 8888. This may indicate an infection by the Zotob worm, although other worms may also create a shell on this port.


Verify if the remote host has been compromised, and reinstall the system if necessary.

See Also



Plugin Details

Severity: Critical

ID: 19429

File Name: zotob_detection.nasl

Version: Revision: 1.9

Type: remote

Family: Backdoors

Published: 2005/08/16

Modified: 2012/09/27

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C