[nsp-sec] Conficker question
Jose Nazario
jose at arbor.net
Tue Mar 17 16:39:35 EDT 2009
the big vector we've seen is over USB sticks and file shares, not the
MS08-067 vector. defending against that is a "boil the ocean" solution:
updated and intact AV everywhere (and make sure MS08-067 is installed
everywhere too).
as for detecting it you can rely (as you have been) on third party
sinkhole reports, or you can block/detect on the outbound "http check in"
signatures or flows.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/