Nmap Development mailing list archives

smb-check-vulns.nse reports error on hosts possibly infected with Conficker


From: Kit Peters <cpeters () ucmo edu>
Date: Wed, 17 Oct 2012 11:39:19 -0500

Environment: nmap / zenmap 6.01 on Windows 7 64-bit.  Run against a
heterogeneous network (TV / radio station) of servers, workstations,
printers, and other embedded systems.
Expected behavior: Systems likely to be infected with Conficker are
reported as such.
Actual behavior: Possibly infected systems (in a previous run on the same
system with nmap 5.50 they were reported as likely to be infected) generate
the error: "Conficker: UNKNOWN; got error NT_STATUS_WERR_INVALID_PARAMETER
(srvsvc.netpathcanonicalize)"

Discussion: When I ran a scan on the network with nmap 5.50 many of the
systems that generated the NT_STATUS_WERR_INVALID_PARAMETER error were
reported as likely to be infected with Conficker.C or lower.  One system in
particular (192.168.87.201) I am fairly certain is infected.  However, when
I updated to (ze)nmap 6.01, all of these systems instead gave me the above
error.

Complete nmap output attached.



-- 
-
Kit Peters (W0KEH), Engineer II
KMOS TV Channel 6 / KTBG 90.9 FM
University of Central Missouri
http://kmos.org/ | http://ktbg.fm/

Attachment: nmap smb-check-vulns scan 192.168.87.0-254.txt

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
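
Added example, not part of the original post or of Nmap: a small triage script that reads saved Nmap text output and keeps hosts whose Conficker check returned `UNKNOWN; got error ...` on the follow-up list instead of letting them pass as clean. The sample output and its addresses are constructed; the `Likely INFECTED` / `Likely CLEAN` line formats and the function names are assumptions, and only the error string is taken from the report above.

```python
import re

# Constructed sample in the shape of Nmap's normal output; addresses are placeholders.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host script results:
| smb-check-vulns:
|   MS08-067: NOT VULNERABLE
|_  Conficker: Likely CLEAN

Nmap scan report for 192.0.2.11
Host script results:
| smb-check-vulns:
|_  Conficker: UNKNOWN; got error NT_STATUS_WERR_INVALID_PARAMETER (srvsvc.netpathcanonicalize)

Nmap scan report for host3.example (192.0.2.12)
Host script results:
| smb-check-vulns:
|_  Conficker: Likely INFECTED (by Conficker.C or lower)

Nmap scan report for 192.0.2.13
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
CONFICKER_RE = re.compile(r"Conficker:\s*(.+?)\s*$")

def classify(result):
    """Map the text after 'Conficker:' to a verdict; anything unrecognised is 'unknown'."""
    if result.startswith("Likely INFECTED"):
        return "infected"
    if result.startswith("Likely CLEAN"):
        return "clean"
    return "unknown"

def triage(text):
    """Return {host: (verdict, raw_result)}; hosts with no Conficker line are 'not_checked'."""
    results, host = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            results[host] = ("not_checked", "")
            continue
        m = CONFICKER_RE.search(line)
        if m and host:
            results[host] = (classify(m.group(1)), m.group(1))
    return results

def needs_followup(results):
    """Every host that was not positively reported clean, including errors and unchecked hosts."""
    return sorted(h for h, (verdict, _) in results.items() if verdict != "clean")
```
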
