Stuxnet Infected Host Detection

Critical Nessus Network Monitor Plugin ID 5738


The remote host has been compromised and is running a 'Backdoor' program


The remote host is running the Stuxnet trojan. This was determined based on the RPC UUID. Stuxnet is a Trojan which uses multiple vulnerabilities to infect and spread to nearby hosts. Ultimately, the Trojan attempts to gain access to a SCADA network.


Manually clean the infected machine

Plugin Details

Severity: Critical

ID: 5738

File Name: 5738.prm

Family: Backdoors

Published: 2010/12/06

Modified: 2016/01/15

Risk Information

Risk Factor: Critical

Vulnerability Information

Vulnerability Publication Date: 2010/07/01