Tuesday, March 31, 2009

Conficker Worm and Nmap

It has been a while since I made any posts here. Really kind of forgot about this thing. But there is a lot of talk about Conficker.
Well the guys at the Honeynet Project have figured a way to detect it.
Nmap has release a beta that has the ability to check for it. You can get it here.

The command looks like the following:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

Big thanks goes out to Dan Kaminsky @ DoxPara Research Tillmann Werner and Felix Leder of the Honeynet Project.
And of course to Fyodor for making Nmap

I have also posted some info over on the Back Track Forums will continue to update there as need be.


coffee maker said...

I wouldn't be totally surprised if the Conficker worm turned out to be an "April Fool's Joke," but of course doing nothing still isn't worth the risk

Anonymous said...

so far it looks like conficker is nothing more than a joke.
Thanks for posting this information.