Archive for April, 2009

Scanning for Conficker's peer to peer

Filed under: Malware, Tools

Hi everybody,

With the help of Symantec's Security Intelligence Analysis Team, I've put together a script that'll detect Conficker (.C and up) based on its peer to peer ports. The script is called p2p-conficker.nse, and automatically runs against any Windows system when scripts are being used:

    nmap --script p2p-conficker,smb-os-discovery,smb-check-vulns \
      --script-args=safe=1 -T4 -p445 <host>

or [...]

Ron Bowes Apr 21, 2009

Updated Conficker detection

Filed under: Malware, NetBIOS/SMB

Morning, all! Last night Fyodor and crew rolled out Nmap 4.85beta7. This was because some folks from the Honeynet Project discovered a false negative (showed no infection where an infection was present), which was then confirmed by Tenable. We decided to be on the safe side, and updated our checks. 4.85 also contains several bugfixes [...]

Ron Bowes Apr 2, 2009