Microsoft Portable Executable (PE) in Transit Detection (Client)

critical Nessus Network Monitor Plugin ID 5706

Synopsis

The remote host has transferred an executable file.

Description

This client connected to a server and downloaded an executable in the Portable Executable (PE) format. This format includes Windows executables with the '.exe' and '.dll' extensions. This may be evidence of some malware which are known to propagate in this manner.

Solution

Check the host and disinfect / reinstall it if necessary.

Plugin Details

Severity: Critical

ID: 5706

Family: Backdoors

Published: 11/11/2010

Updated: 10/10/2018