Trojan/Backdoor - Warbot Detection

Critical Nessus Network Monitor Plugin ID 5549


The remote host has been compromised and is running a 'Backdoor' program


A host is making HTTP requests that are formatted as a Warbot command would be. This is indicitive of an infection by the Warbot trojan. The Warbot trojan allows for arbitrary code to be executed on the system, as well as enables it to be used in various DDoS attacks.


Update your Antivirus and perform a full scan of the remote operating system.

See Also

Plugin Details

Severity: Critical

ID: 5549

Family: Backdoors

Published: 2010/05/24

Modified: 2016/01/15

Risk Information

Risk Factor: Critical