Trojan/Backdoor Detection - Sasser Worm

Critical Nessus Network Monitor Plugin ID 1215


The remote host has a backdoor installed


The remote host is infected with the Sasser Worm. This worm utilizes a backdoor command server and FTP server on ports 5554 and 9996, respectively.


Use an anti-virus product to remove the worm and consider re-installing the operating system.

See Also

Plugin Details

Severity: Critical

ID: 1215

Family: Backdoors

Published: 2004/08/20

Modified: 2016/01/15

Nessus ID: 12219

Risk Information

Risk Factor: Critical