Educause Security Discussion mailing list archives
Re: Conflicker/NMAP
From: Jason Testart <jatestart () UWATERLOO CA>
Date: Tue, 31 Mar 2009 10:40:09 -0400
We had most of our machines patched for MS08-067 within a week after the patch was released. We've been doing Nessus scans for it about every 3 weeks since, and in January we ejected any unpatched machines off the network.

We've been seeing variants of Trojan.Flush since 2006 (our IDS alarms on DNS traffic to specific Ukrainian netblocks). The vast majority of infections (99%) are students in the Residences and on our wireless network.

jt

--
Jason A. Testart, BMath | Voice: +1-519-888-4567 x38393
Manager, IT Security | Fax: +1-519-884-4398
Information Systems and Technology | http://ist.uwaterloo.ca/security
University of Waterloo, Waterloo, Ontario N2L 3G1 CANADA

Greg T. Grimes wrote:
> It's Conficker, not Conflicker. It's also known as Downadup. And as most security researchers have stated, it's not as big a threat as is being portrayed in the media. If your computers are patched and virus definitions are up to date then you shouldn't have anything to worry about.
>
> Currently Conficker isn't our problem; it's Trojan.Flush.M. If you haven't heard about this one, be on the lookout for people using offsite DNS.
>
> On Tue, 31 Mar 2009, Consolvo, Corbett D wrote:
>> I realize many folks may not want to answer this, but has anyone had many positives/infections with the released nmap scan for Conflicker? So far we seem to be coming up clean and many other folks I've talked to or emailed with have come up clean as well. I'm just concerned about the possibility of false negatives. Of course, the problem may not be particularly widespread except in the eyes of some media outlets.
>>
>> Thanks,
>> Corbett Consolvo
>> Texas State University