Wednesday, December 18, 2013

CPE: McAfee AudioParasitic: Episode 49: worm attack

length: 00:21:36

One very interesting thing: USB parasitic

Not only USB sticks, but also picture frames, cameras, phones

Generic loader: detection for autorun is the number 1 hit in the last 24h

Something that can be prevented by policy & compliance, plus a tool to enforce policy & compliance: very controllable
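Added example (not from the podcast or the original notes): one way a compliance tool could check a mounted device for autorun, by reading the autorun.inf at the volume root and reporting the entries that would launch a program. The function names and the sample file are assumptions made up for illustration.

```python
import os

# Keys in the [autorun] section that launch a program
EXEC_KEYS = {"open", "shellexecute"}

def decode_inf(raw: bytes) -> str:
    """autorun.inf is ANSI or UTF-16 with a BOM; decode without raising."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def find_exec_directives(raw: bytes):
    """Return (key, command) pairs from [autorun] that start a program."""
    hits, in_autorun = [], False
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other sections, or junk padding with no key=value
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # shell\<verb>\command adds a right-click entry that runs a program
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, value.strip()))
    return hits

def scan_volume(root: str):
    """Check the root of a mounted volume (stick, camera, frame, phone)."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                return find_exec_directives(fh.read())
    return []

# Constructed sample, not taken from any real device
SAMPLE = (b"; constructed sample\r\n[AutoRun]\r\nlabel=Photos\r\n"
          b"x7#junk line\r\nOPEN = setup.exe /quiet\r\n"
          b"shell\\explore\\Command=setup.exe\r\nicon=folder.ico\r\n")

if __name__ == "__main__":
    for key, cmd in find_exec_directives(SAMPLE):
        print(f"autorun directive {key!r} would launch: {cmd}")
```

A volume whose autorun.inf only sets a label or icon returns an empty list, so the check flags only entries that execute something.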

Trends for next year:
- Targeting: for example, control systems & proprietary systems, which once relied on security through obscurity, are now more connected than ever
- Hiding techniques

If you don’t have MS08-067 installed: go do it now!!!!! We have seen some activity on this one

W32.Conficker.Worm: first real worm in the wild to exploit MS08-067; has a lot in common with Slammer; over-the-wire attack

Nothing necessarily needs to be written to disk in order to exploit it; a similar mitigation problem to SQL Slammer

The AV engine is not sitting where the exploit is done, so it cannot address the root cause

HIPS can monitor whether a buffer overflow (b0f) is done in a certain process
IPS has signatures specific to the attack, which allows time to install the patch
