[nsp-sec] Conficker question
Smith, Donald
Donald.Smith at qwest.com
Tue Mar 17 18:09:51 EDT 2009
And if you aren't already getting your Conficker reports from Arbor/ATLAS, I recommend you work with Jose to get them.
(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Jose Nazario
> Sent: Tuesday, March 17, 2009 2:40 PM
> To: Maria Rosa Drake - FIU
> Cc: NSP-Sec
> Subject: Re: [nsp-sec] Conficker question
>
> ----------- nsp-security Confidential --------
>
> the big vector we've seen is over USB sticks and file shares, not the
> MS08-067 vector. defending against that is a "boil the ocean" solution:
> updated and intact AV everywhere (and make sure MS08-067 is installed
> everywhere too).
>
> as for detecting it you can rely (as you have been) on third party
> sinkhole reports, or you can block/detect on the outbound "http check in"
> signatures or flows.
>
> -------------------------------------------------------------
> jose nazario, ph.d. <jose at arbor.net>
> manager of security research arbor networks
> v: (734) 821 1427 http://asert.arbor.net/
>