Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Additional Support to Look for Compromised Web Servers

With the recent news of more than 500,000 web sites becoming compromised, Tenable's research team added support into Nessus and the Passive Vulnerabiltiy Scanner to look for evidence of recently installed Javascript that may be indicative of a mass compromise.

With Nessus, the webmirror.nasl and webserver_infected.nasl plugins enumerate the web pages of a scanned web server and look for evidence of a compromise. With the PVS, plugin #4487 watches for unencrypted web traffic which contains evidence of these compromises.

Previously, Tenable has blogged about this type of active and passive detection for a different mass compromise event. Also, last week we blogged about auditing Internet facing web servers. The techniques outlined there should be utilized when auditing web servers that may have been infected with malicious content.

News References