Mar 31 2009

Conficker

Tag: SystemsJoaquim Anguas @ 10:17 pm

As the time is coming, security professionals try to find weapons to fight conficker.

Seems that Dan Kaminsky (yes, this Dan Kaminsky) tricked researchers Felix Leder, and Tillman Werner @cs.uni-bonn.de to work on a very useful tool if effective: a network scanner that can detect infected computers remotely by how they answer concrete network requests.

You can find the scanner here and read Kaminsky’s post here.

Via arstechnica.

Hands on

You’ll need Python if you plan to run the scanner.

In the version I downloaded there was an indentation problem in line 107, because of mixed tabs and spaces. You have to select all code and then «Format» «Untabify Region».

You may not have Impacket installed. You can download it here. To install it, cd to the downloaded folder and run «python.exe setup.py install».