DNSChanger Detection

high Nessus Network Monitor Plugin ID 7055

Synopsis

N/A

Description

The remote host was observed performing DNS lookups to an IP address that is included in the DNSChanger rogue servers. This indicates that the remote host is infected with DNSChanger. DNSChanger hijacks DNS settings on a system causing the host to query the DNSChanger rogue servers.

Solution

Manually inspect and clean the system.

Plugin Details

Severity: High

ID: 7055

Version: 1.0

Family: Backdoors

Published: 3/2/2012

Updated: 8/16/2018