Mar 31

Conficker

Tag: SystemsJoaquim Anguas @ 10:17 pm

As the time is coming, security professionals try to find weapons to fight conficker.

Seems that Dan Kaminsky (yes, this Dan Kaminsky) tricked researchers Felix Leder, and Tillman Werner @cs.uni-bonn.de to work on a very useful tool if effective: a network scanner that can detect infected computers remotely by how they answer concrete network requests.

You can find the scanner here and read Kaminsky’s post here.

Via arstechnica.

Hands on

You’ll need Python if you plan to run the scanner.

In the version I downloaded there was an indentation problem in line 107, because of mixed tabs and spaces. You have to select all code and then «Format» «Untabify Region».

You may not have Impacket installed. You can download it here. To install it, cd to the downloaded folder and run «python.exe setup.py install».

3 Responses to “Conficker”

  1. caffeine buzz says:
    abril 1st, 2009 at 6:09 am

    even if someone used Conficker to steal my credit card info, there wouldn’t be any credit there for them to exploit or spend

  2. Vinoth says:
    julio 19th, 2009 at 4:24 pm

    Actually NMAP have a feature to detect conficker infected PC

  3. Joaquim Anguas says:
    julio 19th, 2009 at 4:58 pm

    Hello Vinoth,

    Yes I learnt about this feature some days after the post.
    I’ve had no experience using it…

    Thanks,

    Joaquim Anguas