PhatBOT Backdoor Detection

critical Nessus Plugin ID 12111

Synopsis

The remote host has a trojan installed.

Description

The remote systems appears to have PhatBOT installed. This program allows the machine to be controlled via a P2P network. PhatBOT is extremely sophisticated and allows the remote attacker to use the victim machine to perform various actions.

Solution

Remove PhatBOT immediately.

See Also

http://www.secureworks.com/research/threats/phatbot

Plugin Details

Severity: Critical

ID: 12111

File Name: phatbot_detection.nasl

Version: 1.13

Type: local

Agent: windows

Family: Backdoors

Published: 3/17/2004

Updated: 2/1/2022

Asset Inventory: true

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated