Poison Ivy Detection

Nessus Plugin ID 69320

Synopsis

The remote host runs a potentially malicious remote administration tool.

Description

The remote host is running a Poison Ivy client. Poison Ivy is a Remote Administration Tool (RAT) used to control computers infected by malware. The 'client' is the component used to control those computers. It is associated with malicious activity.

Solution

Ensure that use of this software is intentional. If not, remove the software and scan potentially affected hosts with malware removal software.

See Also

http://ww7.poisonivy-rat.com

http://www.nessus.org/u?ba08470c

http://www.nessus.org/u?ac402881

Plugin Details

Severity: Info

ID: 69320

File Name: poison_ivy_detect.nasl

Version: 1.6

Type: remote

Published: 8/13/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Asset Inventory: true

Supported Sensors: Nessus

Vulnerability Information

CPE: x-cpe:/a:poisonivy:poisonivy