Morto Worm

the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
So, I am sure some of you have seen this thing in your various environments. Currently, we've had one customer get infected. Now I am worried about the rest and want to suggest to management that we take some steps to stop the worm before it starts. In the various material I reviewed in regards to the worm, Trend stated that they were blocking the sites it uses to download it's payload. Microsoft listed the urls that are used for this, so I figure that if we add those entries into the various web filters we should be good to go (obviously, more needs to be done to address the overall reasons for the infection in the first place). Is my thinking correct in this case? Can we just update the various filters to automatically block connections to the eight sites it uses to get it's payload/updates?
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

Sign In or Register to comment.