Zotob Worm Infection (Microsoft)

Nessus Network Monitor Plugin ID 3164 (Severity: Critical)

Synopsis

The remote host has a backdoor installed.

Description

A Microsoft Windows shell is running on port 8888. This may indicate an infection by the Zotob worm, although other worms may also create a shell on this host.

The remote host has been compromised.

Solution

Manually inspect and repair this system.

See Also

http://www.microsoft.com/presspass/press/2005/aug05/08-16zotob.mspx

http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.a.html

Plugin Details

Severity: Critical

ID: 3164

File Name: 3164.prm

Family: Backdoors

Published: 2005/08/16

Modified: 2016/01/15

Nessus ID: 19429

Risk Information

Risk Factor: Critical