
Botnet Reputation and Content Scanning in Nessus

With today’s plugin updates, Nessus now has the capability to warn you of hosts that are being controlled by botnets or hosting links to known malware or phishing sites.

Nessus checks your scan targets against a daily-updated list of botnet-infected hosts and reports if a target is a known botnet zombie or a command and control node. This check runs regardless of the plugins or credentials specified and does not require sending any packets to the host. Listed hosts have previously been observed sending malicious traffic to third-party systems across the Internet or taking an active role in attempting to control or compromise hosts for the botnet.

In addition to checking for inclusion in a botnet, Nessus will also report if a scan target is hosting links to web site addresses and specific URLs that are used by known botnets to propagate or that redirect to sites hosting phishing content. During the testing of CGI scripts, Nessus will scan the content of web pages looking for references to this type of malicious content. The ability to discover if an asset hosts botnet-related malware or pages designed to steal credentials from unsuspecting users (e.g., fake eBay or banking login pages) is an incredible way to augment vulnerability scans.

To use this feature, make sure that your Nessus scans are looking at web site content: set the Preferences -> Global Settings -> Enable CGI Tests setting to “enabled”.

The following Nessus plugins perform the botnet and malicious website content analysis:

  • 52670 – Web Site Links to Malicious Content
  • 52669 – Host is listed in Known Bot Database
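
The two checks described above, an offline lookup of the scan target in a bot list and a scan of page content for links to listed sites, can be sketched as follows. This is an added example, not Nessus plugin code: the feed format, the feed entries, the sample page, and the names `host_listed` and `malicious_links` are all assumptions made for illustration.

```python
# Added illustration, not Nessus plugin code. All feed entries and the page are constructed.
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BOT_FEED = ["203.0.113.0/28", "198.51.100.77"]      # assumed feed format: IPs/CIDRs
BAD_DOMAINS = {"malware.example"}                   # listed domain covers subdomains
BAD_URLS = {"http://shop.example/login/ebay.html"}  # specific listed URL
SAMPLE_PAGE = """<a href="/about.html">About</a>
<script src="//CDN.Malware.example/x.js"></script>
<form action="http://shop.example/login/ebay.html?id=1"></form>
<a href="http://shop.example/">Shop</a>"""

def host_listed(target_ip, feed=BOT_FEED):
    """Offline lookup of a scan target's IP in the feed; no packet is sent."""
    addr = ipaddress.ip_address(target_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in feed)

class LinkCollector(HTMLParser):
    """Collects URL-bearing attributes (href, src, action) from every tag."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src", "action") and v]

def malicious_links(html, page_url, bad_domains=BAD_DOMAINS, bad_urls=BAD_URLS):
    """Return the absolute links in a page that match the domain or URL feed."""
    collector = LinkCollector()
    collector.feed(html)
    hits = []
    for raw in collector.links:
        absolute = urljoin(page_url, raw.strip())
        parts = urlsplit(absolute)
        host = (parts.hostname or "").rstrip(".")   # lower-cased by urlsplit
        labels = host.split(".")
        suffixes = {".".join(labels[i:]) for i in range(len(labels))}
        canonical = f"{parts.scheme}://{host}{parts.path}"  # query/fragment dropped
        if suffixes & bad_domains or canonical in bad_urls:
            hits.append(absolute)
    return hits

if __name__ == "__main__":
    print(host_listed("203.0.113.5"), malicious_links(SAMPLE_PAGE, "http://www.example.org/"))
```

Matching on the normalized host and path, rather than the raw attribute text, is what catches the protocol-relative, mixed-case script reference and the listed login URL with a query string appended.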

This update is available to all Nessus users including the Nessus ProfessionalFeed and HomeFeed subscriptions, the Nessus PerimeterService and SecurityCenter customers. Tenable also offers a variety of log analysis, NetFlow analysis and passive network traffic analysis solutions which can help identify system events, user behavior and network traffic that is indicative of a botnet. To learn more about these solutions, please visit our web site or watch any of the following on-demand webinars: 

 
