Morto Worm
the_Grinch
So, I am sure some of you have seen this thing in your various environments. Currently, we've had one customer get infected. Now I am worried about the rest and want to suggest to management that we take some steps to stop the worm before it starts. In the various material I reviewed in regard to the worm, Trend stated that they were blocking the sites it uses to download its payload. Microsoft listed the URLs that are used for this, so I figure that if we add those entries into the various web filters we should be good to go (obviously, more needs to be done to address the overall reasons for the infection in the first place). Is my thinking correct in this case? Can we just update the various filters to automatically block connections to the eight sites it uses to get its payload/updates?
Comments
RTmarc
Remove simple passwords and block access to/from the listed IPs/domains.
done.
ipSpace
Enable logging so you can see exactly what PCs are trying to reach those IPs/URLs thus finding and killing the worm much quicker.
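An added example, not part of the thread, of the log sweep suggested in the comment above: it reads web-filter log lines and lists which internal clients tried to reach a blocked domain, so those PCs can be pulled for cleanup. The log format, the `.example` domains standing in for the eight sites, the sample lines and the function names are all assumptions.

```python
# Placeholder blocklist: the thread does not list the eight sites, so reserved
# .example names stand in for the URLs from the Microsoft entry.
BLOCKED_DOMAINS = {"payload-one.example", "payload-two.example"}

# Constructed sample lines in an assumed "timestamp client_ip action host" format.
SAMPLE_LOG = """\
2011-08-29T09:14:02 10.0.4.17 BLOCK payload-one.example
2011-08-29T09:14:05 10.0.4.22 ALLOW intranet.corp.example
2011-08-29T09:15:40 10.0.4.17 BLOCK Update.Payload-Two.example.
2011-08-29T09:16:11 10.0.7.90 BLOCK notpayload-one.example
2011-08-29T09:20:33 10.0.9.3 BLOCK cdn.payload-two.example
malformed line without enough fields
"""


def normalize(host):
    """Lower-case the host and drop a trailing root dot before comparing."""
    return host.lower().rstrip(".")


def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host is a blocked domain or a subdomain of one (label-aligned)."""
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in blocked)


def infected_candidates(log_text, blocked=BLOCKED_DOMAINS):
    """Map client IP -> hit count, first/last timestamp and hosts requested."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the sweep
        ts, client, _action, host = parts  # any attempt counts, blocked or not
        if not is_blocked(host, blocked):
            continue
        rec = hits.setdefault(
            client, {"hits": 0, "first": ts, "last": ts, "hosts": set()})
        rec["hits"] += 1
        rec["first"] = min(rec["first"], ts)  # ISO timestamps sort as strings
        rec["last"] = max(rec["last"], ts)
        rec["hosts"].add(normalize(host))
    return hits


if __name__ == "__main__":
    found = infected_candidates(SAMPLE_LOG)
    for client in sorted(found, key=lambda c: -found[c]["hits"]):
        r = found[client]
        print(client, r["hits"], r["first"], r["last"], sorted(r["hosts"]))
```

Matching on whole labels keeps a look-alike such as `notpayload-one.example` from flagging a clean machine.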
SephStorm
What's a worm?
No seriously, I've never heard of it. (this worm)
the_Grinch
Encyclopedia entry: Worm:Win32/Morto.A - Learn more about malware - Microsoft Malware Protection Center
Little light reading for you
It's actually pretty cool....