Trojan/Backdoor Detection - Sasser Worm

Critical Nessus Network Monitor Plugin ID 1215

Synopsis

The remote host has a backdoor installed

Description

The remote host is infected with the Sasser Worm. This worm utilizes a backdoor command server and FTP server on ports 5554 and 9996, respectively.

Solution

Use an anti-virus product to remove the worm and consider re-installing the operating system.

See Also

http://www.lurhq.com/sasser.html

http://www.f-secure.com/v-descs/sasser.shtml

Plugin Details

Severity: Critical

ID: 1215

Family: Backdoors

Published: 2004/08/20

Modified: 2016/01/15

Nessus ID: 12219

Risk Information

Risk Factor: Critical