Orbit

Hi Teams,

If any of you haven't seen, researchers have found that Conficker leaves a fingerprint because of how it changes the Windows network stack. This fingerprint can be checked for with tools such as nmap.

Nmap has released a new (beta) release that enables Conficker infections just by scanning the network.

For more information (including commands for Conficker scanning) see: http://insecure.org/

An original tool (before it was added into nmap) is also available: http://iv.cs.uni-bonn.de/uploads/media/scs.zip

And further info can be found at these sites: http://www.honeynet.org/ (https://www.honeynet.org/node/389) http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

Happy Scanning

Regards, Richard

-- Security Analyst | Hotline: +61 7 3365 4417 AusCERT | Fax: +61 7 3365 7031 Australia's National CERT | WWW: www.auscert.org.au Brisbane QLD Australia | Email: auscert@auscert.org.au