w32.spybot.fcd Worm Infection Detection

high Nessus Plugin ID 15520

Synopsis

A worm was detected on the remote Windows host.

Description

The remote system is infected with a variant of the worm w32.spybot.fcd. To spread, infected systems scan the same subnet for vulnerable systems, creating a botnet that has been used for purposes such as DDoS attacks.

Solution

Remove the worm from this system. Reinstall the operating system if necessary.

See Also

http://www.nessus.org/u?4420ad95

Plugin Details

Severity: High

ID: 15520

File Name: w32_spybot_worm_variant.nasl

Version: 1.20

Type: remote

Family: Backdoors

Published: 10/20/2004

Updated: 9/27/2012

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:C

Vulnerability Information

Excluded KB Items: fake_identd/113