Nmap Development mailing list archives
Re: Conficker.D ???
From: jah <jah () zadkiel plus com>
Date: Thu, 02 Apr 2009 20:10:37 +0100
On 02/04/2009 19:51, Rathbun, Dan wrote:
If a Conficker.C machine successfully updated itself, will it still be discoverable with this method? It seems to me, that the author of Conficker has significant skills and surely must has seen all the news about being able to detect the infection remotely. Have we seen any proof yet that Conficker.D or whatever they will call it, is still vulnerable to t his type of detection?
As far as I can tell, Conficker.D is actually the Conficker.C currently making the headlines and it's just a difference in naming conventions. I don't think anybody has seen an update to Conficker.C at the moment, but as sure as eggs is eggs, detection will be circumvented when an update does happen. An update could take a couple of weeks to propagate too so there's still plenty of time to get as many compromised machines cleaned-up as possible. Regards, jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Hard loop while Conficker scanning shorejsi2 (Apr 02)
- Re: Hard loop while Conficker scanning Ron (Apr 02)
- Re: Hard loop while Conficker scanning shorejsi2 (Apr 02)
- Re: Hard loop while Conficker scanning Ron (Apr 02)
- Conficker.D ??? Rathbun, Dan (Apr 02)
- Re: Conficker.D ??? Ron (Apr 02)
- Re: Conficker.D ??? jah (Apr 02)
- Re: Hard loop while Conficker scanning shorejsi2 (Apr 02)
- Re: Hard loop while Conficker scanning Ron (Apr 02)