Bagle Worm Removal

critical Nessus Plugin ID 12027

Language:

Synopsis

Nessus attempted to remove a worm on the remote host.

Description

The remote host had the Bagle worm installed. Nessus attempted to remove it by connecting to port 6777 of the host and using the built-in removal command. However, you should verify that :

- The worm was removed properly

- The remote host has not been altered in any other way.

Solution

Verify that the system is clean, and reinstall if necessary.

Plugin Details

Severity: Critical

ID: 12027

File Name: bagle_remover.nasl

Version: Revision: 1.18

Type: remote

Family: Backdoors

Published: 1/21/2004

Updated: 9/24/2012

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C