CPE: McAfee AudioParasitic: Episode 46: critical, out-of-cycle, Microsoft patch.
length: 00:18:37
self-executing worms: Sasser (the biggest), Blaster
last week: knee-jerk reaction because it is an RPC vulnerability, given the way RPC has been exploited in the past; nowadays there are desktop and perimeter firewalls in the way
lots of spyware being dropped
the PoC was not mature, but it is not simply a PoC of the buffer overflow (b0f): it does something, though it is not at the gov/org malware level
when hackers find something hot they don't wait too long, as the window of vulnerability will close
the exploit goes over the wire, so an IPS is the best method to detect it
a self-executing worm will carry code that needs to spread, and from an AV perspective that code should be detectable
BUT the exploit can be done without any file, whereas AV needs something written to disk to scan
SQL Slammer: fileless malware
HIPS and generic buffer-overflow protection are a good way to mitigate
the payload can be obfuscated, but the exploit cannot; the IPS DCE RPC signature is an old one
not feasible for AV to scan memory all the time
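The "payload can be obfuscated, but the exploit cannot" point is worth seeing in code. The example below is added here and is not from the podcast or from McAfee: it builds constructed DCE/RPC request PDUs (standard 16-byte common header plus the 8-byte request header, little-endian), then runs two checks over them. The first is an AV-style signature on a known payload byte string; the second is an IPS/generic-overflow style check on the structure of the call (stub data far larger than the target operation could legitimately take). The payload marker `KNOWN_PAYLOAD`, the opnum `0x1f`, the 512-byte filler and the `MAX_SANE_STUB` limit are all assumptions for the demonstration, not values tied to any real interface.

```python
import struct

# DCE/RPC connection-oriented PDU common header (16 bytes, little-endian):
# rpc_vers, rpc_vers_minor, ptype, pfc_flags, drep, frag_length, auth_length, call_id
RPC_HDR = struct.Struct("<BBBB4sHHI")
# Request-specific header that follows it: alloc_hint, p_cont_id, opnum
REQ_HDR = struct.Struct("<IHH")
PTYPE_REQUEST = 0
LE_DREP = b"\x10\x00\x00\x00"   # little-endian integer / ASCII data representation

# Constructed stand-in for a known shellcode prologue (NOT real shellcode).
KNOWN_PAYLOAD = b"\x90\x90\x90\x90\xcc\xcc\xcc\xcc"
# Assumed upper bound on legitimate stub size for the demo opnum.
MAX_SANE_STUB = 256
DEMO_OPNUM = 0x1f                 # hypothetical operation number


def build_request(opnum, stub, call_id=1):
    """Wrap raw stub data in a minimal DCE/RPC request PDU (constructed test traffic)."""
    frag_len = RPC_HDR.size + REQ_HDR.size + len(stub)
    hdr = RPC_HDR.pack(5, 0, PTYPE_REQUEST, 0x03, LE_DREP, frag_len, 0, call_id)
    return hdr + REQ_HDR.pack(len(stub), 0, opnum) + stub


def parse_request(pdu):
    """Return call_id, opnum and stub of a request PDU, or None if it is malformed/truncated."""
    if len(pdu) < RPC_HDR.size + REQ_HDR.size:
        return None
    vers, _minor, ptype, _flags, _drep, frag_len, auth_len, call_id = RPC_HDR.unpack_from(pdu, 0)
    # Only DCE/RPC v5 request PDUs whose declared length matches what was captured.
    if vers != 5 or ptype != PTYPE_REQUEST or frag_len != len(pdu):
        return None
    _alloc_hint, _ctx_id, opnum = REQ_HDR.unpack_from(pdu, RPC_HDR.size)
    stub = pdu[RPC_HDR.size + REQ_HDR.size: frag_len - auth_len]
    return {"call_id": call_id, "opnum": opnum, "stub": stub}


def xor_encode(data, key):
    """Single-byte XOR, the simplest payload obfuscation; key 0 leaves the bytes in the clear."""
    return bytes(b ^ key for b in data)


def payload_signature_hits(stub):
    """AV-style check: does the literal known payload appear in the stub data?"""
    return KNOWN_PAYLOAD in stub


def generic_overflow_hits(req, limit=MAX_SANE_STUB):
    """IPS-style structural check: the overflow needs an oversized argument regardless of payload bytes."""
    return len(req["stub"]) > limit


def classify(pdu):
    """Run both detections over one PDU; None means the PDU did not parse as a request."""
    req = parse_request(pdu)
    if req is None:
        return None
    return {"payload_sig": payload_signature_hits(req["stub"]),
            "generic": generic_overflow_hits(req)}


def build_exploit(key):
    """Constructed exploit PDU: a fixed oversized argument carrying the (possibly encoded) payload."""
    return build_request(DEMO_OPNUM, b"A" * 512 + xor_encode(KNOWN_PAYLOAD, key))


def build_benign():
    """Constructed normal-looking call with a short string argument."""
    return build_request(DEMO_OPNUM, b"\\\\host\\share\x00")


if __name__ == "__main__":
    for label, pdu in (("clear payload", build_exploit(0)),
                       ("xor 0x41 payload", build_exploit(0x41)),
                       ("benign call", build_benign())):
        print(f"{label:18s} -> {classify(pdu)}")
```

Re-encoding the payload with a different XOR key defeats the byte signature but leaves the structural check untouched, because the overflow itself still has to put an oversized argument on the wire. The same idea underlies a generic buffer-overflow signature on the RPC interface: it keys on what the exploit must do, not on what the payload looks like. The trade-off is that a structural check needs a sane per-operation size bound, so in practice it is tuned per interface rather than applied with one global limit.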