Stacheldraht Trojan Detection

Nessus Plugin ID 10270 (critical)

Synopsis

The remote host has a distributed denial of service (DDoS) agent installed.

Description

The remote host is running Stacheldraht, a trojan horse that can be used to control your system or make it attack another network.

The plugin sent the remote host an ICMP ECHO reply containing 'gesundheit!' with an ID of 668. The host answered with a reply containing 'sicken ' and an ID of 669.

If Paranoid is enabled, the plugin will only check for the ICMP ECHO reply having ID 669.

It is very likely that this host has been compromised.

Solution

Restore your system from backups, and contact CERT and your local authorities.

See Also

http://www.sans.org/security-resources/idfaq/stacheldraht.php

Plugin Details

Severity: Critical

ID: 10270

File Name: stacheldraht.nasl

Version: 1.30

Type: remote

Family: Backdoors

Published: 1/28/2000

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ThoroughTests

Vulnerability Publication Date: 2/9/2000

Reference Information

CVE: CVE-2000-0138