Detections
Analytics
Malicious Process Detection: Malware Signed By Stolen Bit9 Certificate
critical Nessus Plugin ID 64788
Language:
Synopsis
Nessus detected potentially unwanted processes on the remote host.Description
The md5sum of one or more running processes on the remote Windows host matches the signature of malware that was signed by a certificate stolen from the security firm Bit9.Verify that the remote processes are legitimate and authorized in your environment.
Solution
Uninstall the remote software if it does not match your security policy, and investigate your network for further signs of a breach.See Also
https://krebsonsecurity.com/2013/02/bit9-breach-began-in-july-2012/
https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
Plugin Details
Severity: Critical
ID: 64788
File Name: wmi_bit9_running.nbin
Version: 1.224
Type: local
Agent: windows
Family: Windows
Published: 2/21/2013
Updated: 11/12/2024
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: malscan/enabled