Trojan/Backdoor - PhatBOT Detection

critical Nessus Network Monitor Plugin ID 1202

Synopsis

The remote host can be remotely controlled by a malicious user

Description

The remote systems appears to have PhatBOT installed. This program allows the machine to be controlled via a P2P network. PhatBOT is extremely sophisticated and allows the remote attacker to use the victim machine to perform various actions.

Solution

Remove the trojan software from the infected machine and consider re-installing the operating system.

See Also

http://www.secureworks.com/research/threats/phatbot

Plugin Details

Severity: Critical

ID: 1202

Family: Generic

Published: 8/20/2004

Updated: 1/15/2016

Nessus ID: 12111