CPE: McAfee AudioParasitic: Episode 49: worm attack
length: 00:21:36
One very interesting thing: USB parasitic
Not only USB sticks, but also picture frames, cameras, phones
Generic loader: detection for autorun is the number 1 hit in the last 24h
Something that can be prevented by policy & compliance, and tools to enforce policy & compliance: very controllable
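To make the autorun detection point concrete, here is an added example (not from the podcast or these notes) that triages the text of an `autorun.inf` file from removable media and lists the entries that would launch a program. The function name and the sample file are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows run, or offer to run, a program.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command entries add a context-menu verb that runs a command.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")


def autorun_exec_entries(text):
    """Return [(key, command)] for each auto-execution entry in autorun.inf text."""
    hits, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive; only [autorun] matters here.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other sections, or padding lines that are not key=value
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            hits.append((key, value.strip()))
    return hits


# Constructed sample, not taken from a real device.
SAMPLE = """\
; constructed sample
qzxv padding line before any section
[AutoRun]
Icon=folder.ico
OPEN = tool.exe /s
padding line without an equals sign
shell\\explore\\Command=tool.exe
Label=Photos
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, command in autorun_exec_entries(SAMPLE):
        print(f"auto-exec entry: {key} -> {command}")
```

A file with no such entries (only `icon` or `label`, for instance) returns an empty list, which separates cosmetic autorun files from ones that try to start code.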
Trends for next year:
- Targeting: for example control systems & proprietary systems, which once relied on security through obscurity; now they are more connected than ever
- Hiding techniques
If you don’t have MS08-067 installed: go do it now!!!!! We have seen some activity on this one
W32.Conficker.Worm: first real wild worm to exploit MS08-067; it has a lot in common with Slammer (over-the-wire attack)
Nothing necessarily needs to be written to disk in order to exploit; a similar problem to mitigating SQL Slammer
The AV engine is not sitting where the exploit is done, so it cannot address the root cause
HIPS can monitor whether a buffer overflow (b0f) is done in a certain process
IPS has a signature specific to the attack, which allows time to install the patch