DNSChanger Malware Detection

medium Nessus Plugin ID 58182

Synopsis

The remote host may be infected with malware.

Description

DNSChanger appears to be installed on the remote host. This malware configures the host to use rogue DNS servers, which could cause requests for legitimate websites and hostnames to be routed to attacker-controlled machines.

Nessus determines the likelihood of infection by comparing the list of DNS servers configured on the host to a list of IP addresses associated with this malware. More information can be found in the linked references.
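
The comparison described above can be sketched as follows. This is an added example, not the code of dnschanger_trojan.nasl: it assumes a resolv.conf-style resolver configuration, the function names are hypothetical, and the network ranges are documentation-space placeholders rather than real DNSChanger indicators.

```python
import ipaddress

# Placeholder ranges (RFC 5737 / RFC 3849 documentation space), NOT real
# DNSChanger indicators; substitute the ranges from the linked references.
ROGUE_NETWORKS = [ipaddress.ip_network(n) for n in
                  ("192.0.2.0/24", "198.51.100.64/26", "2001:db8:53::/48")]

# Constructed sample resolver configuration.
SAMPLE_RESOLV_CONF = """\
# generated by dhclient (constructed sample)
search corp.example
nameserver 10.0.0.53
nameserver 198.51.100.70   # inside a placeholder rogue range
nameserver 198.51.100.10
nameserver 2001:db8:53::1%eth0
nameserver not-an-ip
options timeout:2
"""

def configured_resolvers(text):
    """Return (addresses, unparsable) from resolv.conf-style text."""
    addresses, unparsable = [], []
    for line in text.splitlines():
        # Strip '#' and ';' comments, then split into whitespace fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        raw = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            addresses.append(ipaddress.ip_address(raw))
        except ValueError:
            unparsable.append(fields[1])  # keep for manual review
    return addresses, unparsable

def rogue_resolvers(text, networks=ROGUE_NETWORKS):
    """Return ([(resolver, matching_network), ...], unparsable_entries)."""
    addresses, unparsable = configured_resolvers(text)
    hits = [(str(a), str(n)) for a in addresses for n in networks
            if a.version == n.version and a in n]
    return hits, unparsable

if __name__ == "__main__":
    hits, bad = rogue_resolvers(SAMPLE_RESOLV_CONF)
    for addr, net in hits:
        print(f"possible DNSChanger: resolver {addr} is in {net}")
    for entry in bad:
        print(f"review manually: unparsable nameserver entry {entry!r}")
```

A match only shows that a configured resolver falls inside a listed range, which is why the plugin reports that the host "may be infected" rather than confirming it.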

Solution

Update the host's antivirus software, clean the host, and scan again to ensure the Trojan's removal. If symptoms persist, re-installation of the infected host is recommended.

See Also

http://www.nessus.org/u?2fe8e345

https://www.f-secure.com/v-descs/dnschang.shtml

http://www.nessus.org/u?bf883954

Plugin Details

Severity: Medium

ID: 58182

File Name: dnschanger_trojan.nasl

Version: 1.5

Type: local

Family: Backdoors

Published: 3/1/2012

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N