Stuxnet Traffic Detection

Info Nessus Network Monitor Plugin ID 5721

Synopsis

The remote host is passing RPC traffic which is requesting an RPC UUID which is synonymous with the Stuxnet trojan.

Description

The remote host is passing RPC traffic which is requesting an RPC UUID which is synonymous with the Stuxnet trojan. This may indicate that either the host is infected with Stuxnet or the host is scanning for Stuxnet-infected machines.

Solution

Ensure that the system is not infected. If it is not infected, ensure that the system is authorized to be running security scans on the network.

Plugin Details

Severity: Info

ID: 5721

File Name: 5721.prm

Family: Backdoors

Published: 2010/12/06

Modified: 2015/06/01

Risk Information

Risk Factor: Info

Vulnerability Information

Vulnerability Publication Date: 2010/07/01