Thursday, April 30, 2009

Nmap 4.85BETA6 now avail w/Conficker detection


The Conficker worm is receiving a lot of attention because of its vast scale (millions of machines infected) and advanced update mechanisms. Conficker isn't the end of the Internet (despite some of that hype), but it is a huge nuisance we can all help to clean up.

Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA7 is now available from the Nmap Site, including official binaries for Windows and Mac OS X. To scan for Conficker, use a command such as:
nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns,smb-os-discovery --script-args safe=1 [targetnetworks]

You will only see Conficker-related output if either port 139 or 445 are open on a host. A clean machine reports at the bottom: “Conficker: Likely CLEAN”, while likely infected machines say: “Conficker: Likely INFECTED

for more info :

http://seclists.org/nmap-hackers/2009/0001.html
http://seclists.org/nmap-dev/2009/q1/0869.html
http://insecure.org/
http://www.doxpara.com/

Nmap Download

0 comments:

Post a Comment

 

Subscribe in Bloglines Msn bot last visit powered by MyPagerank.Net Yahoo bot last visit powered by MyPagerank.Net
I heart FeedBurner downtime checker The Ubuntu Counter Project - user number # 31290

 
Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Powered by TadPole
FOG FLAMES