Trojan/Backdoor - Agobot.FO Detection

Critical Nessus Network Monitor Plugin ID 1207


The remote host has a backdoor installed


The remote host has the Agobot.FO backdoor installed. This backdoor is known to scan local networks for common Microsoft vulnerabilities, scan local networks for exploitable DameWare systems, brute force local Microsoft machine User accounts, connect to an IRC channel and setup a BOT for remote command execution.


This backdoor should be immediately removed from the infected systems and manually cleaned.

See Also

Plugin Details

Severity: Critical

ID: 1207

Family: Backdoors

Published: 2004/08/20

Modified: 2016/01/15

Nessus ID: 12128

Risk Information

Risk Factor: Critical