375 KB | 3 files | DOC, PDF
Use US-CERT tactical and strategic recommendations to prevent Coreflood Trojan malware infection.
Malicious software (malware) does not always need a software vulnerability to infect systems and propagate. The Coreflood Trojan is an example of this type of vulnerability-independent malware. It is designed to leverage the natural structure of a Windows network for account compromise and data theft.
Criminals typically use infected websites to stealthily infect users. Once a system is infected, the malware remains dormant until someone with a privileged account (a system administrator) logs in. When the system administrator logs into the computer, the malware attempts to traverse the network using a legitimate Windows program, psexec. Later versions of the malware stopped using the psexec tool and implemented a custom tool designed to imitate psexec capabilities. Coreflood was originally discovered in 2001 and continues to evolve as an active threat within the malware market.
US-CERT recommends that organizations evaluate the following tactical and strategic mitigations to determine which ones they can apply in their specific environments to minimize and prevent Coreflood Trojan infections.
Included in this ZIP file are: