Nmap Development mailing list archives

Running Malware Scripts


From: "Rathbun, Dan" <Dan.Rathbun () aecom com>
Date: Wed, 24 Dec 2008 13:06:44 -0800

Greetings all,

I bought the 'NMAP Network Scanning' book from Amazon the other day and
it's a GREAT read!  I have already learned many new tricks about how to
leverage NMAP more fully, and I am fast at work thinking up new uses for
it in our environment.

Right now I am trying to learn how best to use the '-script=malware'
option to scan our substantial network for infected machines.  But I am
finding that the resulting XML files are too large to review manually
(over 50,000 hosts).  So I am looking for some guidance as far as what
things to search the output file for.  I was originally thinking of IRC
ports or SMTP ports, but that is not proving very fruitful.

Has anyone developed a productive routine to accomplish this task?  If
not can you suggest some ideas about how I could begin to develop one
for our organization?

Dan Rathbun
Information Security Director   
CISSP, GSLC, GSEC, GLEG and G7799 Certified

D 978.930.5656
dan.rathbun () aecom com

AECOM
515 South Flower Street, 4th Floor
Los Angeles, CA 90071-2201

http://www.aecom.com



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

