"Dabber scans for Sasser-infected hosts on port 5554. When it finds infected PCs it uses code from a Sasser-FTP exploit developed by "mandragore" of the Romanian Security Research team to seize control of PCs. Dabber than installs itself and deletes the registry keys of Sasser and other viruses. It creates a backdoor on infected machines on TCP port 9898 allowing hackers to download additional code, which might be far more malicious than Dabber itself."
Quelle
