icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Stuxnet Traffic Detection

Info

Synopsis

The remote host is passing RPC traffic which is requesting an RPC UUID which is synonymous with the Stuxnet trojan.

Description

The remote host is passing RPC traffic which is requesting an RPC UUID which is synonymous with the Stuxnet trojan. This may indicate that either the host is infected with Stuxnet or the host is scanning for Stuxnet-infected machines.

Solution

Ensure that the system is not infected. If it is not infected, ensure that the system is authorized to be running security scans on the network.