On Mon, Mar 30, 2009 at 5:36 AM, Glen Johnson <gjohn...@vhcc.edu> wrote:
> We need to set up something that will detect this virus and possibly any > future virus outbreaks. Seen online this morning, maybe this will help: ------------------------------------------------------------- The Honeynet Project has discovered an anomaly in Conficker that makes it possible to detect infected hosts with an elaborate fingerprint scan over the network. This is great news if you suspect an infection and have no other means to check, or if you simply want to double-check information that your other defense mechanisms (IDS, AntiVirus, etc) provide. The write-up and scanning tool are available on the Honeynet Website. Nessus Plug-In 36036: www.nessus.org Instructions on how to scan for Conficker with NMAP: http://www.skullsecurity.org/blog/?p=209 Be careful when searching for any of these tools with a search engine. A good part of the search results returned on the keyword "Conficker" are scare-ware and fake anti-virus that try to cash in on the Conficker scare. We have a summary of removal tools with links available on isc.sans.org/conficker ---------------------------------------------------------- More here with links: http://isc.sans.org/diary.html?storyid=6097&rss -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-895-3270 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
