DNSChanger Malware Detection

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote host may be infected with malware.

Description :

DNSChanger appears to be installed on the remote host. This malware
configures the host to use rogue DNS servers, which could cause
requests for legitimate websites and hostnames to be routed to
attacker controlled machines.

Nessus determines the likelihood of infection by comparing the list of
DNS servers configured on the host to a list of IP addresses
associated with this malware. More information can be found in the
linked references.

See also :


Solution :

Update the host's antivirus software, clean the host, and scan again
to ensure the Trojan's removal. If symptoms persist, re-installation
of the infected host is recommended.

Risk factor :

Medium / CVSS Base Score : 5.8

Family: Misc.

Nessus Plugin ID: 58182 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now