Detections
Analytics
Trojan/Backdoor - Warbot Detection
critical Nessus Network Monitor Plugin ID 5549
Synopsis
The remote host has been compromised and is running a 'Backdoor' programDescription
A host is making HTTP requests that are formatted as a Warbot command would be. This is indicitive of an infection by the Warbot trojan. The Warbot trojan allows for arbitrary code to be executed on the system, as well as enables it to be used in various DDoS attacks.Solution
Update your Antivirus and perform a full scan of the remote operating system.See Also
http://www.symantec.com/security_response/writeup.jsp?docid=2010-041613-5923-99&tabid=2