PaulDotCom mailing list archives

Poor Man's Conficker Checker

From: trklisted at networksamurai.org (mOses)
Date: Wed, 1 Apr 2009 14:21:35 -0400

The eEye scanner is pretty good and you can't beat the price, the NMAP  
one is also very good so you can actually use both for validation. The  
only point I would like to mention about it is that existing Retina  
customer should NOT install that executable and instead must update  
their retina scanners to the latest build to leverage the conficker  
checking algorithm.

One more thing to note is that the NMAP NSE scripts and most of these  
other scripts are somewhat 'beta' so please exercise caution as it is  
unknown weather services could fail as with any scan of this type.

Moses Hernandez
Fingerprint: 8A3A 9B36 0509 2B50 C2C9  A960 1A19 B165 A167 F4D7
moses at networksamurai.org
http://www.twitter.com/mosesrenegade

Mentor SANS560: Penetration Testing and Ethical Hacking. Miami in  
starting in April.
http://www.sans.org/mentor/details.php?nid=17383

On Apr 1, 2009, at 2:08 PM, Tim Krabec wrote:

Jokes based on his checker
http://www.kracomp.com/cfeyechart.html
http://www.kracomp.com/confickereyechart.html

and serious
free scanner from eeye
http://www.eeye.com/html/downloads/other/ConfickerScanner.html
also nmap has a scanner(free)



2009/4/1 John Sawyer <jsawyer at ufl.edu>
Or, maybe I should say, "Simple Man's Conficker Checker" since it is  
good for family and friends who might hurt themselves trying to run  
a checking tool.

And it is a really simple idea, yet brilliant. By leveraging  
Conficker's blocking of certain domains, you can do some simple  
detection of whether or not the machine you're sitting at is infected.

http://www.joestewart.org/cfeyechart.html

Kudos to Joe Stewart!!

-jhs

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



-- 
Tim Krabec
Kracomp
772-597-2349
smbminute.com
kracomp.blogspot.com
www.kracomp.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090401/8a8fd937/attachment.htm

Current thread:

Poor Man's Conficker Checker John Sawyer (Apr 01)
- Poor Man's Conficker Checker Robin Wood (Apr 01)
- Poor Man's Conficker Checker Tim Krabec (Apr 01)
  - Poor Man's Conficker Checker mOses (Apr 01)