DNSChanger Detection

High Nessus Network Monitor Plugin ID 7055




The remote host was observed performing DNS lookups to an IP address that is included in the DNSChanger rogue servers. This indicates that the remote host is infected with DNSChanger. DNSChanger hijacks DNS settings on a system causing the host to query the DNSChanger rogue servers.


Manually inspect and clean the system.

Plugin Details

Severity: High

ID: 7055

Version: 1.0

Family: Backdoors

Published: 2012/03/02

Modified: 2018/09/16

Risk Information

Risk Factor: High