Trojan Horse Client Detection

Critical Nessus Network Monitor Plugin ID 4477

Synopsis

The remote host has been compromised and is running a 'backdoor' program.

Description

The remote client appears to be infected by a Trojan horse. PVS has determined this based on outbound connections the host recently made to control servers. PVS just observed the host attempting to connect to importtrenz -dot- com.

Solution

Manually check system integrity and remove any malicious code or processes that may reside on the system.

See Also

http://www.secureworks.com/research/blog/index.php/2007/06/18/detecting-bbb-irs-ftc-proforma-trojan-infected-users-on-your-network

Plugin Details

Severity: Critical

ID: 4477

Family: Backdoors

Published: 2008/04/20

Modified: 2016/01/15

Risk Information

Risk Factor: Critical