Nmap Development mailing list archives
RE: Nmap 4.85BETA5: Now with Conficker detection!
From: Craig Humphrey <Craig.Humphrey () chapmantripp com>
Date: Tue, 31 Mar 2009 15:01:51 +1300
Hi Guys, Awesome for getting this out so quick! Just wanting to clarify the output from nmap when scanning for Conficker. When it says: "MS08-067: NOT RUN" Does that mean the scan/probe hasn't been run, or the patch hasn't been applied? Thanks Craig -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Fyodor Sent: Tuesday, March 31, 2009 9:03 AM To: nmap-dev () insecure org Subject: Nmap 4.85BETA5: Now with Conficker detection! Hi All! We found out just yesterday about new research by Tillmann Werner and Felix Leder of a way to anonymously scan for Conficker worm infections! Ron sprang into action and added the detection to the smb-check-vulns NSE script! I even had to infect one of my own systems for Ron to test with. David and Brandon helped too. And now we're happy to release Nmap 4.85BETA5, which includes the Conficker detection! You can find it on the download page: http://nmap.org/download.html Here is an example command for detecting Conficker: nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks] It is worth scanning soon, since Conficker nodes are set to be updated with new instructions on Wednesday if they aren't cleaned by then! Note that I've removed 4.76 from the D/L page as I think 4.85BETA5 is the way to go in general. Test this out soon, if you can, and send your results to nmap-dev, as this release is sure to get a lot of attention and interest :). Here are the changes since 4.85BETA4 a couple weeks ago: o Ron (in just a few hours of furious coding) added remote detection of the Conficker worm to smb-check-vulns. It is based on new research by Tillmann Werner and Felix Leder. You can scan your network for Conficker with a command like: nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks] [snip snip] This email is intended solely for the use of the addressee and may contain information that is confidential or subject to legal professional privilege. If you receive this email in error please immediately notify the sender and delete the email. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap 4.85BETA5: Now with Conficker detection! Fyodor (Mar 30)
- RE: Nmap 4.85BETA5: Now with Conficker detection! Craig Humphrey (Mar 30)
- Re: Nmap 4.85BETA5: Now with Conficker detection! Fyodor (Mar 30)
- RE: Nmap 4.85BETA5: Now with Conficker detection! Craig Humphrey (Mar 30)
- Re: Nmap 4.85BETA5: Now with Conficker detection! Fyodor (Mar 30)
- Re: Nmap 4.85BETA5: Now with Conficker detection! Fyodor (Mar 30)
- Re: Nmap 4.85BETA5: Now with Conficker detection! LevelZero (Mar 31)
- Re: Nmap 4.85BETA5: Now with Conficker detection! David Fifield (Mar 31)
- RE: Nmap 4.85BETA5: Now with Conficker detection! Craig Humphrey (Mar 30)