Detecting Web Servers with Malicious Javascript
Recently, Tenable Network Security introduced Nessus plugin #29871 which looks at the content of a web site to see if it is hosting potential hostile javascript code. There have been several recent mass defacements and infections of 1000s of web sites through SQL injection attacks. Plugin #29871, named "Web Site contains links to malicious javascript files", specifically checks web sites for links to the "uc8010.com" addresses used in this recent wave of infections.
When performing CGI scans, Tenable recommends several strategies:
- By default, Nessus will only mirror 200 pages for a scanned site. If your site has more pages than this, you should increase this value to a relative amount.
- Plugin #29871 is dependent on the webmirror.nasl script so this plugin (#10662) should either be enabled, or the test should be performed with dependencies enabled at runtime.
- If you are scanning web servers that run on ports other than 80 or 443, be sure to include these in your scan policy.
Tenable also introduced a plugin for the Passive Vulnerability Scanner (#4334), which also detects web sites that are hosting this type of content based purely on traffic analysis.
Plugin #29871 is currently available to Nessus Direct Feed and Security Center users.
Related Articles
Walking the Walk: How Tenable Embraces Its "Secure by Design" Pledge to CISA
November 25, 2024As a cybersecurity leader, Tenable was proud to be one of the original signatories of CISA’s “Secure by Design" pledge” earlier this year. Our embrace of this pledge underscores our commitment to security-first principles and reaffirms our dedication to shipping robust, secure products that our users can trust. Read on to learn how we’re standing behind our pledge.
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
November 22, 2024Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against cyberattacks.
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps
November 21, 2024A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
