Re: Conflicker/NMAP

["King, Ronald A." <raking () NSU EDU>]

We are in the process of running a Nessus scan using the latest
Windows/Conficker filter.  The public IP machines have come up clean.
Faculty/Staff are currently being scanned.  Students are last.



As mentioned in other messages, we keep our systems updated through WSUS and
our AV is centralized.  I have only seen one host infected and it was
because the faculty member had it on the card in their camera.  It was
blocked immediately by the AV.



If I see other hosts infected, I'll post any pertinent info to the group.



Ronald King

Security Engineer

Norfolk State University

Marie V. McDemmond Center for Applied Research

Suite 401

700 Park Ave.

Norfolk, Virginia  23504

Phone:  757-823-3918

Email: raking () nsu edu

http://security.nsu.edu



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Consolvo, Corbett D
Sent: Tuesday, March 31, 2009 10:22 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Conflicker/NMAP



I realize many folks may not want to answer this, but has anyone had many
positives/infections with the released nmap scan for Conflicker?  So far we
seem to be coming up clean and many other folks I've talked to or emailed
with have come up clean as well.  I'm just concerned about the possibility
of false negatives.  Of course, the problem may not be particularly
wide-spread except in the eyes of some media outlets.



Thanks,

Corbett Consolvo

Texas State University

Attachment: smime.p7s
Description: