Over the last few weeks we have measured a fairly slow but steady increase in the amount of general web site scanning. More and more often, our HoneyPoint systems are identifying PHP scans, scans for older vulnerabilities dating back to Nimda and Code Red, and a slew of newer scans for specific bulletin board, blog management and other web-based application code.
These scans are coming from a number of locales and appear to be mostly automated. Their sources appear to be mostly compromised systems on small to mid-sized company networks.
As these scans increase in frequency and capability, it is essential that organizations ensure that they have secured their web servers against common known vulnerabilities. A number of tools, such as Nikto and Sandcat, as well as available services, will scan sites for little or no charge. Organizations should use these tools or their existing managed vulnerability assessment services to ensure they are protected against these common worm-style attacks.
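To see whether your own servers are receiving the kinds of scans described above, the following added example (not part of the original post and not HoneyPoint code) triages a web access log by scan family and lists sources that look automated. The log lines are constructed, the Code Red and Nimda patterns are the widely documented `default.ida` and `cmd.exe`/`root.exe` requests, and treating any `.php` request that returns 404 as a probe is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (documentation-range IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2008:10:01:02 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 210 "-" "-"
198.51.100.7 - - [12/Mar/2008:10:01:03 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
198.51.100.7 - - [12/Mar/2008:10:01:04 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
203.0.113.20 - - [12/Mar/2008:10:05:00 +0000] "GET /forum/index.php?t=1 HTTP/1.1" 404 210 "-" "-"
203.0.113.20 - - [12/Mar/2008:10:05:01 +0000] "GET /blog/admin.php HTTP/1.1" 404 210 "-" "-"
192.0.2.55 - - [12/Mar/2008:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')
CODE_RED = re.compile(r"/default\.ida\?", re.I)
NIMDA = re.compile(r"/(?:cmd|root)\.exe", re.I)
PHP = re.compile(r"\.php(?:\?|$)", re.I)

def classify(path, status):
    """Return the scan family for one request, or None if it looks benign."""
    if CODE_RED.search(path):
        return "code_red"
    if NIMDA.search(path):
        return "nimda"
    # Assumption: a .php request that 404s is a probe for an app not installed here.
    if PHP.search(path) and status == 404:
        return "php_probe"
    return None

def summarize(log_text):
    """Map source IP -> {family: hit count} for every classified request."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        family = classify(path, status)
        if family:
            hits[ip][family] += 1
    return {ip: dict(fams) for ip, fams in hits.items()}

def scanners(log_text, min_hits=2):
    """Sources with at least min_hits classified requests, i.e. likely automated."""
    return sorted(ip for ip, fams in summarize(log_text).items()
                  if sum(fams.values()) >= min_hits)

if __name__ == "__main__":
    for ip, fams in summarize(SAMPLE_LOG).items():
        print(ip, fams)
```

Sources reported by `scanners` on an internal network segment are worth checking first, since the post notes that most scan sources are themselves compromised systems.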