Re: Nmap 4.85BETA5: Now with Conficker detection!
From: Fyodor <fyodor () insecure org>
Date: Mon, 30 Mar 2009 23:48:50 -0700
On Mon, Mar 30, 2009 at 01:03:19PM -0700, Fyodor wrote:
> Hi All! We found out just yesterday about new research by Tillmann
> Werner and Felix Leder of a way to anonymously scan for Conficker worm
> infections! Ron sprang into action and added the detection to the
> smb-check-vulns NSE script! I even had to infect one of my own
> systems for Ron to test with. David and Brandon helped too.
And the script is already winning praise :). I just found an article
at Darkreading.com which includes:
  I can't vouch for all of the tools listed in the list Dan included
  on his blog, but I did spend quite a bit of time testing Nmap,
  Simple Conficker Scanner (Honeynet Project) and Tenable Nessus this
  morning, and they pretty much all had the same results. The only
  real difference is price; the first two tools are free, while
  Nessus is only free for home users and corporate users pay a pretty

  Of the three tools I've used, Nmap has been the top performer in
  regards to speed followed by Nessus and the Simple Conficker
  Scanner (SCS). The SCS tool is Python-based, which Dan Kaminsky has
  ported to Windows with py2exe so admins aren't required to install
  Python to use. The SCS tool wasn't very fast, although I did find
  that by performing an Nmap of the network first to find hosts
  listening on port 445/tcp and feeding that list to SCS, the scan
  time for SCS is greatly reduced. However, at that point, you might
  as well use Nmap.
I've posted an announcement of the new version and a link to more
news articles up at http://insecure.org.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org