Hello Tim,
-----Original Message----- From: Tim Brown [mailto:[email protected]] Sent: Thursday, April 02, 2009 5:36 AM To: [email protected] Cc: Chandrashekhar B; [email protected] Subject: Re: [Openvas-discuss] [Openvas-plugins] Conficker worm detection -OpenVAS plugins > The payload I submitted to you guys for MS08-067 is not the same as the one > used by nmap for ms08-067, nmap actuaally uses a different payload developed > later by one of my colleagues which is available from > http://labs.portcullis.co.uk/. I overlooked, just saw the reference in NMAP page to the above link and assumed so. > We may be able to use my first payload to detect Conficker but for that... > I/we need to run it against a Conficker infected box so that we see how it > responds... I will ask around but as I have some good contacts in the AV / > malware community. Indeed, we probably need to do that anyway so we can see > how the SMB function in openvas decode the respond - smb_rev() in > particular. That'll be useful. Thanks, Chandra. _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
