NMAP 4.85BETA remotely detects Conficker worm
Its rather old news but Nmap 4.85beta7 is capable of detecting Conficker worm remotely along with many other improvements. Check out announcement at insecure.org.
By the time, I wrote this article Nmap 4.85Beta 8 was also available.
#nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1
A clean machine should report at the bottom: "Conficker: Likely Clean", while likely infected machines report "Conficker: Likely INFECTED". Refer to How to use Nmap to scan very large networks for Conficker? at nmap development page.
By the time, I wrote this article Nmap 4.85Beta 8 was also available.
You can download it (whichever latest available) from http://nmap.org/download.html
CLI for detecting Conficker worm using nmap is#nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1
A clean machine should report at the bottom: "Conficker: Likely Clean", while likely infected machines report "Conficker: Likely INFECTED". Refer to How to use Nmap to scan very large networks for Conficker? at nmap development page.
You can download paper on Conficker from honeynet.org.
Never miss an update. Subscribe and follow to stay informed. Delivered Every Tuesday.
We hate spam too, we will never share your details.
Mandar Pise
Opinions expressed by techsutram contributors are their own. More details
Mandar is a seasoned software professional for more than a decade. He is Cloud, AI, IoT, Blockchain and Fintech enthusiast. He writes to benefit others from his experiences. His overall goal is to help people learn about the Cloud, AI, IoT, Blockchain and Fintech and the effects they will have economically and socially in the future.
Weekly Newsletter
Never miss an update. Subscribe and follow to stay informed.
Delivered Every Tuesday.
Delivered Every Tuesday.
Thank you! You have successfully subscribed to our newsletter.
We hate spam too, we will never share your details.
No comments:
Post a Comment
Your valuable comments are welcome. (Moderated)