Nessus Enhanced Botnet Detection

by Dave Breslin
April 20, 2012

7DayTrend

This template was designed to be used with the Enhanced Botnet Detection checks in Nessus and has been updated in version 2 to reflect the change that splits inbound and outbound connection results. The template also reports results found by the malware checks in the Nessus Backdoors plugin family.

The public IPs listed in the example report were not reported as being part of a botnet at the time of running the report and are provided for demonstration purposes. Please ensure you have the appropriate permission to scan public IPs, including those in the example report.

Modern malware is generally far harder to detect than by simply scanning a service port, so a large portion of the Nessus plugins whose results are reported in this template require credentialed scanning.

There are many additional malware detection plugins beyond those whose results are reported by the template, for example:

52670 Web Site Links to Malicious Content
58182 DNSChanger Malware Detection
33950 MS Executable Detection
35322 HTTP Backdoor Detection
31854 Malware Payload Code detection
29871 Web Server Malicious Javascript Link Detection
16314 Microsoft Windows SMB : Suspicious Software Detection
11329 Virus Infection Detection
20212 XCP DRM Software Detection
10767 Nimda Worm Infected HTML File Detection

The following are excellent sources of information on Nessus malware detection:

Nessus and the Fight against Viruses
Detecting Microsoft Executables Being Served by an Unknown Service with Nessus
#7 Nessus Versus Malware - Top Ten Things You Didn't Know About Nessus
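As an added example (not part of this template or of Tenable's own code), the script below filters a Nessus v2 (.nessus) export down to the findings this page cares about: anything in the Backdoors plugin family plus the plugin IDs listed above. The XML fragment is constructed for illustration, and the plugin families assigned to its items are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Plugin IDs listed on the page as additional malware detection checks.
MALWARE_PLUGIN_IDS = {
    "52670", "58182", "33950", "35322", "31854",
    "29871", "16314", "11329", "20212", "10767",
}

# Constructed .nessus v2 fragment for illustration only; not real scan output.
# ReportHost/ReportItem and the attributes used here are part of the v2 format.
SAMPLE_NESSUS = """<NessusClientData_v2>
 <Report name="demo">
  <ReportHost name="10.0.0.5">
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
     pluginID="16314" pluginName="Microsoft Windows SMB : Suspicious Software Detection"
     pluginFamily="Backdoors"/>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
     pluginID="19506" pluginName="Nessus Scan Information" pluginFamily="Settings"/>
  </ReportHost>
  <ReportHost name="10.0.0.9">
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="3"
     pluginID="35322" pluginName="HTTP Backdoor Detection" pluginFamily="Backdoors"/>
   <ReportItem port="53" svc_name="dns" protocol="udp" severity="3"
     pluginID="58182" pluginName="DNSChanger Malware Detection" pluginFamily="Windows"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""


def malware_findings(nessus_xml, plugin_ids=MALWARE_PLUGIN_IDS):
    """Return {host: [(pluginID, pluginName, "port/proto"), ...]} for every
    ReportItem that is in the Backdoors family or whose pluginID is listed."""
    root = ET.fromstring(nessus_xml)
    findings = defaultdict(list)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            pid = item.get("pluginID")
            if item.get("pluginFamily") == "Backdoors" or pid in plugin_ids:
                findings[host.get("name")].append(
                    (pid, item.get("pluginName"),
                     f"{item.get('port')}/{item.get('protocol')}"))
    return dict(findings)


if __name__ == "__main__":
    for host, items in malware_findings(SAMPLE_NESSUS).items():
        for pid, name, where in items:
            print(f"{host}\t{where}\t{pid}\t{name}")
```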