Slashdot Mirror


Bit9 Says 32 Malicious Programs Whitelisted In Recent Hack

chicksdaddy writes "The security firm Bit9 has released a more detailed analysis of the hack of its corporate network, saying it was part of a larger operation that was aimed at firms in a 'very narrow market space' and intended to gather information from those firms. The analysis, posted on Monday on Bit9's blog, is the most detailed to date of a hack that was first reported on February 8 by the blog Krebsonsecurity.com but that began in July 2012. In the analysis, Bit9 Chief Technology Officer Harry Sverdlove said 32 separate malware files and malicious scripts were whitelisted in the hack. Bit9 declined to name the three customers affected by the breach, or the industry segment that was targeted, but denied that it was a government agency or a provider of critical infrastructure such as energy, utilities or banking. The small list of targets — just three — and the fact that one malware program was communicating with a system involved in a recent 'sinkholing operation' raises the specter that the hack of Bit9 may have played a part in the recent attacks on Facebook, Twitter and Apple, though Bit9 declined to name the firms or the market they serve."

4 of 18 comments

  1. Viral horde by smittyoneeach · Score: 4, Funny

    The viral horde
    On internet stored
    Like facial stubble
    Must be deplored
    Burma Shave

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  2. Re:"Whitelisted" by whyloginwhysubscribe · Score: 4, Informative

    I understood this as the hack whitelisting malware which should have been blacklisted... So it was used correctly.

  3. Re:"Whitelisted" by hAckz0r · Score: 3, Informative

    Yes, Bit9 software is a default-deny paradigm, and so anything that is allowed to run on your system needs to be explicitly allowed, so malware can't get onto your system so easily (buffer overflows are still possible). That being said, Bit9 did not protect one of their all-important signing keys, so the hacker used it and signed a whole lot of bad stuff they had in their tool bag. The hacker thereby added all his malware to the permitted white-list because it was signed by an authority that is trusted by the software protecting the systems. Who could be more trusted than the software company who protects your computer?
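As an added example, not code from Bit9 or from the commenter above, here is a small default-deny allowlist in Python that models the situation hAckz0r describes: anything not explicitly approved is denied, a valid signature from a trusted signer confers approval, and once that signer's key is in an attacker's hands the attacker's payload passes the identical check. The response modelled is revoking the signer and re-approving known-good files by hash. An HMAC over the file contents stands in for a real asymmetric code signature (a product would hold only the signer's certificate), and the keys, file contents and names (`Policy`, `run_scenario`, `signed_approvals_per_signer`) are constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed keys (assumption): the vendor's code-signing key and an unrelated one.
# HMAC over the file contents stands in for a real asymmetric code signature.
VENDOR_KEY = b"constructed-vendor-code-signing-key"
OTHER_KEY = b"constructed-unrelated-key"


def key_id(key: bytes) -> str:
    """Short identifier for a signing key (stand-in for a certificate thumbprint)."""
    return hashlib.sha256(b"keyid:" + key).hexdigest()[:16]


def sign(key: bytes, blob: bytes) -> str:
    """Signature over file contents (HMAC stands in for RSA/ECDSA signing)."""
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


@dataclass
class Policy:
    """Default-deny execution policy: approval comes only from the lists below."""
    trusted_signers: Dict[str, bytes] = field(default_factory=dict)  # signer id -> key
    revoked_signers: Set[str] = field(default_factory=set)
    approved_hashes: Set[str] = field(default_factory=set)           # sha256 hex digests
    audit: List[Tuple[str, Optional[str], str, str]] = field(default_factory=list)

    def decide(self, blob: bytes, signature: Optional[str],
               signer: Optional[str]) -> Tuple[str, str]:
        """Return (verdict, reason) and record the decision; everything falls through to DENY."""
        digest = hashlib.sha256(blob).hexdigest()
        verdict, reason = self._evaluate(blob, digest, signature, signer)
        self.audit.append((digest, signer, verdict, reason))
        return verdict, reason

    def _evaluate(self, blob, digest, signature, signer):
        if digest in self.approved_hashes:
            return "ALLOW", "explicit hash approval"
        if signature is None or signer is None:
            return "DENY", "unsigned and not explicitly approved"
        if signer in self.revoked_signers:
            return "DENY", "signer %s is revoked" % signer
        key = self.trusted_signers.get(signer)
        if key is None:
            return "DENY", "signer %s is not trusted" % signer
        if not hmac.compare_digest(sign(key, blob), signature):
            return "DENY", "signature does not verify"
        return "ALLOW", "valid signature from trusted signer %s" % signer


def signed_approvals_per_signer(policy: Policy) -> Counter:
    """Count distinct files allowed purely on the strength of each signer's signature.
    A burst of new entries under one signer is the anomaly an auditor looks for."""
    seen = {(d, s) for d, s, v, r in policy.audit
            if v == "ALLOW" and r.startswith("valid signature")}
    return Counter(s for _, s in seen)


def run_scenario():
    policy = Policy()
    vid = key_id(VENDOR_KEY)
    policy.trusted_signers[vid] = VENDOR_KEY

    agent = b"constructed legitimate vendor agent binary"  # constructed sample file
    payload = b"constructed malicious payload"             # constructed sample file

    # Before the breach: the vendor's own binary is allowed, the payload is not.
    before = {
        "agent": policy.decide(agent, sign(VENDOR_KEY, agent), vid),
        "payload_unsigned": policy.decide(payload, None, None),
        "payload_other_key": policy.decide(
            payload, sign(OTHER_KEY, payload), key_id(OTHER_KEY)),
    }

    # Breach: the same payload signed with the stolen vendor key passes the
    # identical check, because trust was placed in the signer, not the file.
    stolen_sig = sign(VENDOR_KEY, payload)
    during = policy.decide(payload, stolen_sig, vid)

    # Response: revoke the compromised signer and re-approve known-good files
    # by hash, so the legitimate agent keeps running while the payload stops.
    policy.revoked_signers.add(vid)
    policy.approved_hashes.add(hashlib.sha256(agent).hexdigest())
    after = {
        "agent": policy.decide(agent, sign(VENDOR_KEY, agent), vid),
        "payload": policy.decide(payload, stolen_sig, vid),
    }
    return before, during, after, signed_approvals_per_signer(policy)


if __name__ == "__main__":
    before, during, after, counts = run_scenario()
    for label, result in (("before", before), ("during", during), ("after", after)):
        print(label, result)
    print("signed approvals per signer:", dict(counts))
```

The design point is the last step: revoking the signer is what stops the payload, but it also stops every legitimate file that relied on that signer, so the known-good set has to be re-approved by hash. The audit counter shows the detection angle: during the breach the vendor signer accumulates a second, never-before-seen approved file, and a run of such first-seen files under one signer is the signal worth alerting on.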

  4. Side Effect by ThatsNotPudding · Score: 2

    The sad side effect of endless war, warrantless wiretapping, blatant disregard of the Rule of Law, is that I'm left to wonder if any of this is true, instead of just a False Flag operation to justify the final destruction of privacy and the true Internet.