Poison Ivy Detection

Info Nessus Plugin ID 69320

Synopsis

The remote host runs a potentially malicious remote administration tool.

Description

The remote host is running a Poison Ivy client. Poison Ivy is a Remote Administration Tool (RAT) used to control computers infected by malware. The 'client' is the component used to control those computers. It is associated with malicious activity.

Solution

Ensure that use of this software is intentional. If not, remove the software and scan potentially affected hosts with malware removal software.

See Also

http://www.poisonivy-rat.com/

http://www.nessus.org/u?34182a5d

http://www.nessus.org/u?ac402881

Plugin Details

Severity: Info

ID: 69320

File Name: poison_ivy_detect.nasl

Version: $Revision: 1.3 $

Type: remote

Published: 2013/08/13

Modified: 2017/04/25

Dependencies: 17975

Risk Information

Risk Factor: Info

Vulnerability Information

CPE: x-cpe:/a:poisonivy:poisonivy