Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Detecting Web Servers with Malicious Javascript

Recently, Tenable Network Security introduced Nessus plugin #29871 which looks at the content of a web site to see if it is hosting potential hostile javascript code. There have been several recent mass defacements and infections of 1000s of web sites through SQL injection attacks. Plugin #29871, named "Web Site contains links to malicious javascript files", specifically checks web sites for links to the "uc8010.com" addresses used in this recent wave of infections.

When performing CGI scans, Tenable recommends several strategies:

  • By default, Nessus will only mirror 200 pages for a scanned site. If your site has more pages than this, you should increase this value to a relative amount.
  • Plugin #29871 is dependent on the webmirror.nasl script so this plugin (#10662) should either be enabled, or the test should be performed with dependencies enabled at runtime.
  • If you are scanning web servers that run on ports other than 80 or 443, be sure to include these in your scan policy.

Tenable also introduced a plugin for the Passive Vulnerability Scanner (#4334), which also detects web sites that are hosting this type of content based purely on traffic analysis.

Plugin #29871 is currently available to Nessus Direct Feed and Security Center users.


Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.