| Port No | 9901 |
| Service Name | CiscoSecureDB |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | W32.Dabber.A is a worm. This worm propagates by exploiting vulnerability in the FTP server component of W32.Sasser.Worm and its variants. This worm based on available exploit code. W32.Dabber.A installs a backdoor on infected hosts listening on port 9898. If the attempt fails, W32.Dabber.A tries to listen on ports 9899 through 9999 in sequence until it finds an open port. |
| Reference Link | More Information |
| Attack | Name:W32.Dabber.A W32.Dabber.A is a worm. This worm propagates by exploiting vulnerability in the FTP server component of W32.Sasser.Worm and its variants. This worm based on available exploit code. W32.Dabber.A installs a backdoor on infected hosts listening on port 9898. If the attempt fails, W32.Dabber.A tries to listen on ports 9899 through 9999 in sequence until it finds an open port. Removal: The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines. Disable System Restore (Windows Me/XP). Update the virus definitions. Do one of the following: Windows 95/98/Me: Restart the computer in Safe mode. Windows NT/2000/XP: End the malicious process. Run a full system scan and delete all the files detected as W32.Dabber.A. Reverse the changes made to the registry. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.