Educause Security Discussion mailing list archives

Re: Conficker/NMAP


From: "Consolvo, Corbett D" <cc72 () TXSTATE EDU>
Date: Tue, 31 Mar 2009 09:33:35 -0500

Apologies for my spelling error.  We are also currently doing DNS capture
at our edge and have found a few machines making DNS requests to very
suspicious sites - in the process of writing some rules to contain it.
Thanks,
Corbett

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg T. Grimes
Sent: Tuesday, March 31, 2009 9:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Conflicker/NMAP

It's Conficker, not Conflicker.  It's also known as Downadup.  And as most
security researchers have stated, it's not as big a threat as is being
portrayed in the media.  If your computers are patched and virus
definitions are up to date then you shouldn't have anything to worry
about.  Currently Conficker isn't our problem; it's Trojan.Flush.M.  If you
haven't heard about this one, be on the lookout for people using offsite
DNS.

On Tue, 31 Mar 2009, Consolvo, Corbett D wrote:

I realize many folks may not want to answer this, but has anyone had 
many positives/infections with the released nmap scan for Conflicker?  So 
far we seem to be coming up clean and many other folks I've talked to or 
emailed with have come up clean as well.  I'm just concerned about the 
possibility of false negatives.  Of course, the problem may not be 
particularly wide-spread except in the eyes of some media outlets.

Thanks,
Corbett Consolvo
Texas State University


-- 
Greg T. Grimes
Senior Network Analyst
Information Technology Services
Mississippi State University
greg.grimes () msstate edu
