Poison Ivy Detection

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host runs a potentially malicious remote administration
tool.

Description :

The remote host is running a Poison Ivy client. Poison Ivy is a Remote
Administration Tool (RAT) used to control computers infected by malware.
The 'client' is the component used to control those computers. It is
associated with malicious activity.

See also :

http://www.poisonivy-rat.com/
http://www.nessus.org/u?34182a5d
http://www.nessus.org/u?7e706c7a

Solution :

Ensure that use of this software is intentional. If not, remove the
software and scan potentially affected hosts with malware removal
software.

Risk factor :

None

Family: Service detection

Nessus Plugin ID: 69320 ()

Bugtraq ID:

CVE ID: