Orbit

Hi Scott,

I think it is ME who needs that coffee! It should of course read:

"Nmap has released a new (beta) release that enables _*you to detect*_ Conficker infections just by scanning the network."

Richard

Hello,

Maybe it's just me, but this makes it seem as if you can infect machines with Conficker by scanning the network with NMap.

"Nmap has released a new (beta) release that enables Conficker infections just by scanning the network."

Do I just need more coffee? :-)

scott

--- richard@auscert.org.au wrote:

From: Richard Billington richard@auscert.org.au To: pacnog@pacnog.org Subject: [pacnog] Conficker C - Scanning (remote detection) tool available Date: Tue, 31 Mar 2009 10:09:55 +1000

Hi Teams,

If any of you haven't seen, researchers have found that Conficker leaves a fingerprint because of how it changes the Windows network stack. This fingerprint can be checked for with tools such as nmap.

Nmap has released a new (beta) release that enables Conficker infections just by scanning the network.

For more information (including commands for Conficker scanning) see: http://insecure.org/

An original tool (before it was added into nmap) is also available: http://iv.cs.uni-bonn.de/uploads/media/scs.zip

And further info can be found at these sites: http://www.honeynet.org/ (https://www.honeynet.org/node/389) http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

Happy Scanning

Regards, Richard

-- Security Analyst | Hotline: +61 7 3365 4417 AusCERT | Fax: +61 7 3365 7031 Australia's National CERT | WWW: www.auscert.org.au Brisbane QLD Australia | Email: auscert@auscert.org.au _______________________________________________ pacnog mailing list pacnog@pacnog.org http://mailman.apnic.net/mailman/listinfo/pacnog