Detections
Analytics
W32.Dabber Worm Detection
critical Nessus Plugin ID 12266
Language:
Synopsis
The remote host has been compromised.Description
The W32.Dabber worm is listening on this port. W32.Dabber propagates by exploiting a vulnerability in the FTP server component of W32.Sasser.Worm and its variants.It installs a backdoor on infected hosts and tries to listen on port 9898. If the attempt fails, it tries to listen on ports 9899 through 9999 in sequence until it finds an open port.
Solution
- Disable access to port 445 and Dabber remote shell by using a firewall.- Apply Microsoft MS04-011 patch.
- Update your virus definitions.
See Also
http://www.nessus.org/u?839c7128
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2004/ms04-011
Plugin Details
Severity: Critical
ID: 12266
File Name: dabber_worm.nasl
Version: 1.14
Type: remote
Family: Backdoors
Published: 6/10/2004
Updated: 11/15/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Required KB Items: Settings/ParanoidReport