Security firm Bit9 has been hacked according to a blog post from Brian Krebs –
“Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known “safe” files from computer viruses and other malicious software.”
It looks like the bad guys got their hands on Bit9’s code signing certificates which is bad news for many a reason. The main one being that any malware signed with it would, presumably, appear to be quite legitimate. Worse yet, it has been reported that the Bit9 software will automatically trust anything that has been signed by the Bit9 certificate.
Fortunately, Bit9 appear to be on the case though and have alerted their customers via a public blog posting –
We revoked the affected certificate and acquired a new one.
We eliminated the operational issue that led to the illegal access to the certificate and ensured Bit9 is installed on all of our physical and virtual machines.
While our investigation shows our product was not compromised, we are finalizing a product patch that will automatically detect and stop the execution of any malware that illegitimately uses the certificate.
We have been proactively monitoring the Bit9 Software Reputation Service for hashes from the illegitimately signed malware.
On the positive side it is good to see the company deal with the issue and alert customers as quickly as possible but, considering that Bit9 have disclosed that they failed to install their own security software on several of their network computers, it will be an interesting time for them at the upcoming RSA Conference don’t you think?