Trojan/Backdoor - Agobot.FO Detection

critical Nessus Network Monitor Plugin ID 1207

Synopsis

The remote host has a backdoor installed

Description

The remote host has the Agobot.FO backdoor installed. This backdoor is known to scan local networks for common Microsoft vulnerabilities, scan local networks for exploitable DameWare systems, brute force local Microsoft machine User accounts, connect to an IRC channel and setup a BOT for remote command execution.

Solution

This backdoor should be immediately removed from the infected systems and manually cleaned.

See Also

http://www.f-secure.com/v-descs/agobot_fo.shtml

Plugin Details

Severity: Critical

ID: 1207

Family: Backdoors

Published: 8/20/2004

Updated: 1/15/2016

Nessus ID: 12128