winsatan.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Julio C閟ar Hern醤dez <jcesar@inf.uc3m.es>
#
# See the Nessus Scripts License for details
#
# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>
#      Erik Anderson <eanders@carmichaelsecurity.com>
#      Added link to the Bugtraq message archive

if(description)
{
 script_id(10316);
#  script_cve_id("CVE-MAP-NOMATCH");
 script_version ("$Revision: 38 $");
 
 name["english"] = "WinSATAN";
 name["francais"] = "WinSATAN";
 script_name(english:name["english"], francais:name["francais"]);
 
 desc["english"] = "WinSATAN is installed. 

This backdoor allows anyone to partially take control
of the remote system.

An attacker may use it to steal your password or prevent
your system from working properly.

Solution : use RegEdit, and find 'RegisterServiceBackUp'
in HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
The value's data is the path of the file.
If you are infected by WinSATAN, then
the registry value is named 'fs-backup.exe'.

Additional Info : http://online.securityfocus.com/archive/75/17508
Additional Info : http://online.securityfocus.com/archive/75/17663

Risk factor : High";


 desc["francais"] = "WinSATAN est install