Once the malware was installed, it communicated with servers on IP ranges belonging to network providers including New Century InfoComm Tech Co., Ltd. of Taiwan, the Asia Pacific Network Information Centre in South Brisbane, Australia, and Sparkstation in Singapore.
Bit9 said its product code was not affected, but it is reviewing its entire code base. The company also is undergoing a security audit and "addressed the errors that led to the compromise," Sverdlove wrote.
"While we believe Bit9 is the most effective protection you can have on your endpoints, I've always said there is no silver bullet to security," he wrote. "This incident has only fortified what we already knew...the enemy is persistent, sophisticated and motivated.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk