Nessus Plugin #12219
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
Sasser Virus Detection
- Family:
- Backdoors
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2004 Tenable Network Security
- Summary:
- Sasser Virus Detection
- Version:
- $Revision: 1.4 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- -
- Description:
The Sasser worm is infecting this host. Specifically,
a backdoored command server may be listening on port 9995 or 9996
and an ftp server (used to load malicious code) is listening on port
5554 or 1023. There is every indication that the host is currently
scanning and infecting other systems.
See also :
http://www.lurhq.com/sasser.html
Solution:
- Use an Anti-Virus package to remove it.
- See http://www.microsoft.com/technet/security/bulletin/ms04-011.asp
Risk factor : Critical
Generiert am 27.04.2005 um 18:49:54 Uhr.