Nmap Development mailing list archives
Conficker.D ???
From: "Rathbun, Dan" <Dan.Rathbun () aecom com>
Date: Thu, 2 Apr 2009 11:51:32 -0700
We had a machine in Asia PAC trigger our IDS systems as Conficker infected this morning. I immediately scanned it with an up-to-the-minute copy of Nmap svn and it came back clean. Local support is attending to it, but with the time differences I am unable to find out what they discovered, at least for a few more hours. But all this has me thinking. If a Conficker.C machine successfully updated itself, will it still be discoverable with this method? It seems to me, that the author of Conficker has significant skills and surely must has seen all the news about being able to detect the infection remotely. Have we seen any proof yet that Conficker.D or whatever they will call it, is still vulnerable to t his type of detection? -Dan Rathbun _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Hard loop while Conficker scanning shorejsi2 (Apr 02)
- Re: Hard loop while Conficker scanning Ron (Apr 02)
- Re: Hard loop while Conficker scanning shorejsi2 (Apr 02)
- Re: Hard loop while Conficker scanning Ron (Apr 02)
- Conficker.D ??? Rathbun, Dan (Apr 02)
- Re: Conficker.D ??? Ron (Apr 02)
- Re: Conficker.D ??? jah (Apr 02)
- Re: Hard loop while Conficker scanning shorejsi2 (Apr 02)
- Re: Hard loop while Conficker scanning Ron (Apr 02)