Re: Nmap 4.85BETA5: Now with Conficker detection!

[Fyodor <fyodor () insecure org>]

On Mon, Mar 30, 2009 at 01:03:19PM -0700, Fyodor wrote:
> Hi All!  We found out just yesterday about new research by Tillmann
> Werner and Felix Leder of a way to anonymously scan for Conficker worm
> infections!  Ron sprang into action and added the detection to the
> smb-check-vulns NSE script!  I even had to infect one of my own
> systems for Ron to test with.  David and Brandon helped too.

And the script is already winning praise :).  I just found an article
at Darkreading.com which includes:

   I can't vouch for all of the tools listed in the list Dan included
   on his blog, but I did spend quite a bit of time testing Nmap,
   Simple Conficker Scanner (Honeynet Project) and Tenable Nessus this
   morning, and they pretty much all had the same results. The only
   real difference is price; the first two tools are free, while
   Nessus is only free for home users and corporate users pay a pretty
   reasonable $1,200/year.

   Of the three tools I've used, Nmap has been the top performer in
   regards to speed followed by Nessus and the Simple Conficker
   Scanner (SCS). The SCS tool is Python-based, which Dan Kaminsky has
   ported to Windows with py2exe so admins aren't required to install
   Python to use. The SCS tool wasn't very fast, although I did found
   that by performing an Nmap of the network first to find hosts
   listening on port 445/tcp and feeding that list to SCS, the scan
   time for SCS is greatly reduced. However, at that point, you might
   as well use Nmap.

   [Full article:
   http://www.darkreading.com/blog/archives/2009/03/conficker_detec.html]

I've posted an announcement of the new version and a link to more
news articles up at http://insecure.org.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org