#7 Nessus Versus Malware – Top Ten Things You Didn’t Know About Nessus

Nessus has several different plugins and techniques for helping you with the fight against malware. The video below is part 7 in our series of the top ten things you didn't know about Nessus and covers 3 different ways Nessus can be used to help detect malware:

Below are a few more examples of how Nessus can detect malware:

1. Nessus Network Checks

Nessus plugins in the "Backdoor" plugin family detect certain types of generic behavior on listening services that are indicative of malware. For example, plugin #35322 detects the presence of an HTTP backdoor. Nessus detects the web server remotely and identifies a condition where the web server, regardless of the request, returns a Windows executable:

Conficker and the Downadup worm used this method to propagate. This is a sure fire indication that the host has been compromised.

Nessus can also detect if one of your web sites is hosting malicious JavaScript. In this condition, two things are being detected: 1) The fact that your web site is vulnerable in some way which allows attackers to modify the content and 2) Clients going to the web site will likely get infected via the JavaScript code: (continue reading...)