DNSChanger Malware Detection

Medium Nessus Plugin ID 58182


The remote host may be infected with malware.


DNSChanger appears to be installed on the remote host. This malware configures the host to use rogue DNS servers, which could cause requests for legitimate websites and hostnames to be routed to attacker controlled machines.

Nessus determines the likelihood of infection by comparing the list of DNS servers configured on the host to a list of IP addresses associated with this malware. More information can be found in the linked references.


Update the host's antivirus software, clean the host, and scan again to ensure the Trojan's removal. If symptoms persist, re-installation of the infected host is recommended.

See Also




Plugin Details

Severity: Medium

ID: 58182

File Name: dnschanger_trojan.nasl

Version: 1.5

Type: local

Family: Backdoors

Published: 2012/03/01

Updated: 2018/11/15

Dependencies: 58181, 58180

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N