It's rather old news, but Nmap 4.85beta7 is capable of detecting the Conficker worm remotely, along with many other improvements. Check out the announcement at insecure.org.
By the time I wrote this article, Nmap 4.85Beta 8 was also available.
You can download it (whichever version is the latest available) from http://nmap.org/download.html
The CLI for detecting the Conficker worm using nmap is:
# nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]
A clean machine should report at the bottom: "Conficker: Likely Clean", while likely infected machines report "Conficker: Likely INFECTED". Refer to "How to use Nmap to scan very large networks for Conficker?" on the Nmap development page.
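When the scan covers many hosts, the verdict lines are easier to act on once they are reduced to one line per host. The following is an added example, not part of the original post or of Nmap: the function names, the host-header layouts it matches and the sample output are assumptions constructed for illustration. Hosts that returned no Conficker line are reported separately, because a missing result is not the same as a clean one.

```shell
#!/bin/sh
# Reads Nmap normal output (saved with -oN, or captured stdout) on stdin and
# prints "<host> <verdict>" for every host section found in it.
conficker_triage() {
    awk '
        # Print the previous host with its verdict, or NO_RESULT if none seen.
        function emit() {
            if (host != "") print host, (verdict == "" ? "NO_RESULT" : verdict)
        }
        # Assumed host headers: "Interesting ports on <host>:" (older releases)
        # and "Nmap scan report for <host>" (later releases).
        /^Interesting ports on / { emit(); host = $4; sub(/:$/, "", host); verdict = "" }
        /^Nmap scan report for / { emit(); host = $NF; gsub(/[()]/, "", host); verdict = "" }
        # Verdict strings exactly as quoted in the post.
        /Conficker: Likely INFECTED/ { verdict = "INFECTED" }
        /Conficker: Likely Clean/    { verdict = "CLEAN" }
        END { emit() }
    '
}

# Only the hosts that need incident-response follow-up.
infected_hosts() { conficker_triage | awk '$2 == "INFECTED" { print $1 }'; }

# Constructed sample output (documentation addresses, not a real scan).
sample_scan() {
    cat <<'EOF'
Interesting ports on 192.0.2.10:
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|_ Conficker: Likely Clean

Interesting ports on 192.0.2.23:
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|_ Conficker: Likely INFECTED

Interesting ports on 192.0.2.30:
PORT    STATE    SERVICE
139/tcp closed   netbios-ssn
445/tcp filtered microsoft-ds
EOF
}

sample_scan | conficker_triage
```

Against a real scan, pipe the saved output file into conficker_triage instead of sample_scan; hosts listed as NO_RESULT should be rechecked rather than counted as clean.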
You can download a paper on Conficker from honeynet.org.