Malicious Process Detection: Malware Signed By Stolen Bit9 Certificate

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

Nessus detected potentially unwanted processes on the remote host.

Description :

The md5sum of one or more running processes on the remote Windows host
matches the signature of malware that was signed by a certificate
stolen from the security firm Bit9.

Verify that the remote processes are legitimate and authorized in your
environment.

See also :

http://krebsonsecurity.com/2013/02/bit9-breach-began-in-july-2012/
https://blog.bit9.com/2013/02/25/bit9-security-incident-update/

Solution :

Uninstall the remote software if it does not match your security
policy, and investigate your network for further signs of a breach.

Risk factor :

Critical

Family: Windows

Nessus Plugin ID: 64788

Bugtraq ID:

CVE ID:
