Re: Conflicker/NMAP

[Dean De Beer <deandebeer () GMAIL COM>]

I'd be careful about using this. It's a VB script that would need to be
pushed out to each machine in the environment. It then tries to resolve a
series of domains with 'norton' in them. It also requires creating A records
on the name server to test against. If they don't resolve then the system is
infected. This is a not a great way to do detects and in a large
infrastructure would likely cause a dos situation on the dns server.

Basically all it does is what this page does:
http://www.joestewart.org/cfeyechart.html

On Wed, Apr 1, 2009 at 1:25 PM, Marty Hoag <marty.hoag () ndsu edu> wrote:

>   Here is a link to the Homeland Security release
> notice:
>
> http://www.dhs.gov/ynews/releases/pr_1238443907751.shtm
>
> It appears it is available but through established
> response and security channels. I won't try to summarize
> more than that so you'll have to read the release for
> more details.
>
>   Marty
>
>
> Jason Frisvold wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Joseph Clark wrote:
> >
> > > Has anyone tried the Department of Homeland Security Conficker Scanner?
> >
> > Does anyone *have* the DoHS scanner?  The press release I saw noted that
> > it was for Federal systems only and not available to the public...  (Why
> > they wouldn't release it to everyone, I don't know...)
> >
> > - --
> > - ---------------------------
> > Jason Frisvold
> > Network Engineer
> > frisvolj () lafayette edu
> > - ---------------------------
> > "What I cannot create, I do not understand"
> >   - Richard Feynman
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.5 (GNU/Linux)
> > Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
> >
> > iD8DBQFJ05IEO80o6DJ8UvkRArGcAJ4yAMopC5Mk9/xxW944fqoGo2uLYgCbBZqm
> > KP1bYgUwi+zXHaG8Xi4Rz0Q=
> > =IdQ5
> > -----END PGP SIGNATURE-----