Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Conficker.D ???
From: jah <jah () zadkiel plus com>
Date: Thu, 02 Apr 2009 20:10:37 +0100

On 02/04/2009 19:51, Rathbun, Dan wrote:
If a Conficker.C machine successfully updated itself, will it still be
discoverable with this method?  It seems to me, that the author of
Conficker has significant skills and surely must has seen all the news
about being able to detect the infection remotely.  Have we seen any
proof yet that Conficker.D or whatever they will call it, is still
vulnerable to t his type of detection?
As far as I can tell, Conficker.D is actually the Conficker.C currently
making the headlines and it's just a difference in naming conventions. 
I don't think anybody has seen an update to Conficker.C at the moment,
but as sure as eggs is eggs, detection will be circumvented when an
update does happen.  An update could take a couple of weeks to propagate
too so there's still plenty of time to get as many compromised machines
cleaned-up as possible.



Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]