Botnet Reputation and Content Scanning in Nessus
With today’s plugin updates, Nessus now has the capability to warn you of hosts that are being controlled by botnets or hosting links to known malware or phishing sites.
Nessus uses a list of botnet infected hosts that is updated daily to search for your scan targets and report if the host is a known botnet zombie or is in command and control node. This is done regardless of the plugins or credentials specified and does not require sending any packets to the host to perform this check. Such hosts have been previously observed as sending malicious traffic to third-party systems across the Internet or taking an active role in attempting to control or compromise hosts for the botnet.
In addition to checking for inclusion in a botnet, Nessus will also report if a scan target is hosting links to web site addresses and specific URLs that are used by known botnets to propagate or re-directing to sites hosting phishing content. During the testing of CGI scripts, Nessus will scan the content of web pages looking for references to this type of malicious content. The ability to discover if an asset hosts botnet related malware or pages designed to steal credentials from unsuspecting users (e.g., fake eBay or banking login pages) is an incredible way to augment vulnerability scans.
To leverage this feature, make sure that your Nessus scans are looking at web site content. To enable this feature, set the Preferences -> Global Settings -> Enable CGI Tests setting to “enabled”.
The following Nessus plugins perform the botnet and malicious website content analysis:
This update is available to all Nessus users including the Nessus ProfessionalFeed and HomeFeed subscriptions, the Nessus PerimeterService and SecurityCenter customers. Tenable also offers a variety of log analysis, NetFlow analysis and passive network traffic analysis solutions which can help identify system events, user behavior and network traffic that is indicative of a botnet. To learn more about these solutions, please visit our web site or watch any of the following on-demand webinars:
- Putting a Virus under the SIEM Microscope
- Monitoring Users and Botnets with DNS
- Tracking Application Execution for Compliance and Security
- Finding and Stopping APT
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
Securing Financial Data in the Cloud: How Tenable Can Help
November 4, 2024Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.
Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security
November 1, 2024Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
- Nessus