by Randal T. Rioux
May 30, 2012
This report template will enumerate systems on your network that have been identified (via Nessus and/or PVS) to have DNS IPs in use that fall within the DNSChanger ranges.
- May 30, 2012 (v1)
- SecurityCenter 4.4
- Required Tools: Nessus, PVS
- Download DNSChanger Report Example
- Download DNSChanger Report Template
The report displays a trend of activity, both passive and active, of DNSChanger activity on your network for the past 25 days (default). It also contains tables listing the hosts infected (IP and discovery date/time).
With this report, you get both a snapshot of your current status, along with usable data for remediation purposes.
For more information on the DNSChanger trojan, please see the paper released by the FBI entitled "DNSChanger Malware" (PDF).