Educause Security Discussion mailing list archives

Conflicker/Retina


From: Wayne Bullock <wayne () FAU EDU>
Date: Tue, 31 Mar 2009 10:53:04 -0400

We are eEye/Retina customers. I was able to download a tool that is
supposed to be able to scan a Class C-sized address space for Conficker.
It has statuses for Vulnerability and Infections. I have a known
vulnerable address in a range but it doesn't find it. It does, however,
find the Conficker vulnerability when I scan the single address. I sent
in a ticket to eEye about this. I imagine they're kind of busy today. Has
anyone else experienced this?

Thanks,

        --Wayne

Wayne Bullock, MSCIS, CCNA
Associate Director 
Communication Services Infrastructure
Information Resource Management 
Florida Atlantic University 
777 Glades Road
Boca Raton, FL 33431
 
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly
Sent: Tuesday, March 31, 2009 10:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Conflicker/NMAP

I hope to get my hands on a known-infected machine sometime today, but
it's owned by a student who may or may not be cooperative.  If I do,
I'll let this group know what I find with both nmap and nessus-based
scans.

- ken

Consolvo, Corbett D wrote:

I realize many folks may not want to answer this, but has anyone had
many positives/infections with the released nmap scan for Conficker?
So far we seem to be coming up clean and many other folks I've talked
to or emailed with have come up clean as well.  I'm just concerned
about the possibility of false negatives.  Of course, the problem may
not be particularly widespread except in the eyes of some media
outlets.

 

Thanks,

Corbett Consolvo

Texas State University


-- 
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
