NMAP 4.85BETA remotely detects Conficker worm

It's rather old news, but Nmap 4.85BETA7 can detect the Conficker worm remotely, along with many other improvements. Check out the announcement at insecure.org.
By the time I wrote this article, Nmap 4.85BETA8 was also available.

You can download the latest available version from http://nmap.org/download.html

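The command line for detecting the Conficker worm with Nmap is shown below, where <target> is a placeholder for the hosts or networks to scan:

# nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 <target>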

A clean machine should report at the bottom: "Conficker: Likely Clean", while likely infected machines report "Conficker: Likely INFECTED". Refer to "How to use Nmap to scan very large networks for Conficker?" on the Nmap development page.
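
When a scan covers many hosts, the verdict lines can be collected per host instead of read by eye. The following is an added example, not code from the original post or from the Nmap project; the host header formats it recognises and the sample output are assumptions constructed for illustration.

```python
import re

# Host header lines: older releases print "Interesting ports on <host>:",
# newer ones "Nmap scan report for <host>" (both formats are assumed here).
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for)\s+(.+?):?$")
# Verdict line from smb-check-vulns, e.g. "|_ Conficker: Likely INFECTED".
VERDICT_RE = re.compile(r"Conficker:\s*Likely\s+(CLEAN|INFECTED)", re.IGNORECASE)


def triage(nmap_output):
    """Map each scanned host to 'INFECTED', 'CLEAN' or 'UNKNOWN'."""
    results = {}
    host = None
    for line in nmap_output.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            host = m.group(1)
            # No verdict seen yet: the script may not have run (filtered ports, SMB error).
            results[host] = "UNKNOWN"
            continue
        v = VERDICT_RE.search(line)
        if v and host is not None:
            results[host] = v.group(1).upper()
    return results


# Constructed sample output, not captured from a real scan.
SAMPLE = """\
Interesting ports on 192.0.2.10:
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|_ Conficker: Likely CLEAN

Interesting ports on 192.0.2.11:
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|_ Conficker: Likely INFECTED

Interesting ports on 192.0.2.12:
445/tcp filtered microsoft-ds
"""

if __name__ == "__main__":
    for h, verdict in sorted(triage(SAMPLE).items()):
        print(f"{h}\t{verdict}")
```

Hosts reported as UNKNOWN produced no verdict line and need a follow-up check rather than being counted as clean.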

You can download a paper on Conficker from honeynet.org.

By Mandar Pise

Opinions expressed by techsutram contributors are their own.
