Zotob Worm Infection (Shell)

High Nessus Network Monitor Plugin ID 3166

Synopsis

The remote host has been compromised and is running a 'backdoor' program.

Description

The remote host is infected with the Zotob Worm.

Solution

Manually inspect and repair the remote host.

See Also

http://www.microsoft.com/presspass/press/2005/aug05/08-16zotob.mspx

http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.a.html

Plugin Details

Severity: High

ID: 3166

File Name: 3166.prm

Family: FTP Servers

Published: 2005/08/17

Modified: 2016/01/15

Dependencies: 1803, 1804, 3222

Nessus ID: 19429

Risk Information

Risk Factor: High