DNSChanger Malware Detection

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote host may be infected with malware.

Description :

DNSChanger appears to be installed on the remote host. This malware
configures the host to use rogue DNS servers, which could cause
requests for legitimate websites and hostnames to be routed to
attacker-controlled machines.

Nessus determines the likelihood of infection by comparing the list of
DNS servers configured on the host to a list of IP addresses
associated with this malware. More information can be found in the
linked references.
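
The comparison described above can be sketched as follows. This is an
added example, not the plugin's own code. It assumes the DNS settings
are available as resolv.conf-style text, and the address ranges in it
are placeholder documentation networks standing in for the list given
in the linked references.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation networks), NOT real indicators.
# Replace with the rogue DNS ranges published in the linked references.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.64/26")]

# Constructed sample of a host's resolver configuration.
SAMPLE = """\
# constructed sample
domain example.test
nameserver 192.0.2.53
nameserver 203.0.113.10
nameserver fe80::1%eth0
; nameserver 198.51.100.99
nameserver 198.51.100.70
nameserver not-an-ip
"""

def parse_nameservers(resolv_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        # Drop '#' and ';' comments, then split into whitespace fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # strip any IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: ignore rather than abort
    return servers

def find_rogue(servers, ranges=ROGUE_RANGES):
    """Return the configured servers that fall inside any listed range."""
    return [s for s in servers
            if any(s.version == n.version and s in n for n in ranges)]

if __name__ == "__main__":
    for hit in find_rogue(parse_nameservers(SAMPLE)):
        print("configured DNS server in listed range:", hit)
```

A match only shows that the host resolves through a listed address,
so the finding still needs confirmation on the host itself.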

See also :

http://www.nessus.org/u?2fe8e345
http://www.f-secure.com/v-descs/dnschang.shtml
http://www.nessus.org/u?bf883954

Solution :

Update the host's antivirus software, clean the host, and scan again
to ensure the Trojan's removal. If symptoms persist, re-installation
of the infected host is recommended.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Family: Misc.

Nessus Plugin ID: 58182

Bugtraq ID:

CVE ID: