VID 24072
Severity 40
Port 139,445
Protocol TCP
Class BackDoor
Detailed Description The Phatbot program has been detected as installed on the system. This program allows an infected host to be controlled via a P2P network. Phatbot, which is derived from Agobot, is a backdoor affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server component is installed on the victim's system and a remote attacker has control of the client. Phatbot is extremely sophisticated and allows the remote attacker to use the victim system to perform various actions. The main actions, however, are the following:

1. Turns your machine into a spam monster, and can send up to several thousand emails a day from your email address.
2. Can detect many of your passwords and other information.
3. Can spread itself to others linked to your computer if they have some type of backdoor or other security hole.

* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check will not be performed, resulting in a False Negative for all vulnerable hosts.

* References:
http://phatbot.com/

* Platforms Affected:
Microsoft Windows Any version
Recommendation Remove the Phatbot backdoor immediately. Most antivirus software companies have updated their software to keep Phatbot at bay, so you should download any available updates through your antivirus software's Live Update feature and remove Phatbot using the antivirus software.

-- OR --

Follow the removal instructions to disinfect and repair the computer, as listed on the LURHQ Threat Intelligence Group Web site under "Manual Removal" at http://www.lurhq.com/phatbot.html
Related URL (CVE)
Related URL (SecurityFocus)
Related URL 15520,15534 (ISS)