Trojan/Backdoor Detection - Sasser Worm

critical Nessus Network Monitor Plugin ID 1215

Synopsis

The remote host has a backdoor installed

Description

The remote host is infected with the Sasser Worm. This worm utilizes a backdoor command server and FTP server on ports 5554 and 9996, respectively.

Solution

Use an anti-virus product to remove the worm and consider re-installing the operating system.

See Also

http://www.lurhq.com/sasser.html

http://www.f-secure.com/v-descs/sasser.shtml

Plugin Details

Severity: Critical

ID: 1215

Family: Backdoors

Published: 8/20/2004

Updated: 1/15/2016

Nessus ID: 12219