Monday, January 22, 2007

Storm Worm is not a Storm in a Teacup.

The weekend has been very busy with the Storm Worm. I even saw new variants that have started to use kernel-mode rootkit techniques to hide their files, registry keys, and active network connections. Not every vendor was fast enough to counter the high volume of spamming of these new variants. However, if you have a good strategy to block executables at the gateway, or even if you are using some email clients in a good way (disallowing exe's), you didn't need to use any of the updates. Like I said in the past, it all depends on some small and easy security settings.