Educause Security Discussion mailing list archives
Re: Conficker/NMAP
From: "Consolvo, Corbett D" <cc72 () TXSTATE EDU>
Date: Tue, 31 Mar 2009 09:33:35 -0500
Apologies for my spelling error. We are also currently doing DNS capture at our edge and have found a few machines making DNS requests to very suspicious sites - in the process of writing some rules to contain it.

Thanks,
Corbett

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg T. Grimes
Sent: Tuesday, March 31, 2009 9:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Conflicker/NMAP

It's Conficker, not Conflicker. It's also known as Downadup. And as most security researchers have stated, it's not as big a threat as is being portrayed in the media. If your computers are patched and virus definitions are up to date then you shouldn't have anything to worry about. Currently Conficker isn't our problem; it's Trojan.Flush.M. If you haven't heard about this one, be on the lookout for people using offsite DNS.

On Tue, 31 Mar 2009, Consolvo, Corbett D wrote:
I realize many folks may not want to answer this, but has anyone had many positives/infections with the released nmap scan for Conflicker? So far we seem to be coming up clean and many other folks I've talked to or emailed with have come up clean as well. I'm just concerned about the possibility of false negatives. Of course, the problem may not be particularly wide-spread except in the eyes of some media outlets.

Thanks,
Corbett Consolvo
Texas State University

--
Greg T. Grimes
Senior Network Analyst
Information Technology Services
Mississippi State University
greg.grimes () msstate edu
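
An added example, not part of the thread: one way to check an edge DNS capture for campus clients using offsite DNS, the pattern the message above says to watch for. The log format, campus range and resolver addresses are assumptions constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (constructed for this example, not taken from the thread):
CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")
APPROVED_RESOLVERS = {ipaddress.ip_address("10.20.0.53"),
                      ipaddress.ip_address("10.20.1.53")}

# Constructed edge-capture records, one per line: "epoch src dst dport qname"
SAMPLE_LOG = """\
1238509800 10.20.14.7 10.20.0.53 53 www.example.edu
1238509801 10.20.31.22 198.51.100.9 53 update.example.com
1238509802 10.20.31.22 198.51.100.9 53 mail.example.org
1238509803 10.20.0.53 192.0.2.1 53 example.com
1238509804 10.20.44.5 203.0.113.40 53 www.example.net
1238509805 10.20.14.7 192.0.2.80 80 -
garbled line
1238509806 10.20.31.22 203.0.113.40 53 login.example.com
"""

def find_offsite_dns(log_text):
    """Return {client_ip: {resolver_ip: query_count}} for campus clients
    that sent DNS queries to a server outside the approved resolver set."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records instead of failing the run
        _, src, dst, dport, _qname = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if dport != "53" or src_ip not in CAMPUS_NET:
            continue  # only DNS traffic that originates on campus
        # The approved resolvers recurse to offsite servers themselves,
        # so they are excluded as sources to avoid flagging normal lookups.
        if src_ip in APPROVED_RESOLVERS or dst_ip in APPROVED_RESOLVERS:
            continue
        hits[str(src_ip)][str(dst_ip)] += 1
    return {client: dict(resolvers) for client, resolvers in hits.items()}

if __name__ == "__main__":
    for client, resolvers in sorted(find_offsite_dns(SAMPLE_LOG).items()):
        for resolver, count in sorted(resolvers.items()):
            print(f"{client} -> {resolver}: {count} queries")
```
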