Its also in Nessus (home feed too): Plugin: http://www.nessus.org/plugins/index.php?view=single&id=36036
Updated as of thia AM with latest info (so update plugins first). Another good source for detection: http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/ Example: ./nessuscmd -p445 -U -V -i 36036 192.168.1.0/24 Cheers, Paul John Sawyer wrote: > The Conficker check is in the latest SVN version of Nmap. It's in the > smb-check-vulns.nse which now checks for Conficker, MS08-067 and a > regsvc DoS. > > nmap --script smb-check-vulns.nse -p445 > > For safety's sake, you might want to also run it with > --script-args=unsafe=1 to prevent possible crashes from the regsvc > check. That should not turn off the conficker check. > > -jhs > > On Mar 30, 2009, at 11:10 AM, Chris Merkel wrote: > >> According to this: >> http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/ >> >> A script should be released today to scan for conficker-infected >> machines over the wire. >> >> I looked at the NSE portal and haven't seen anything yet - would it >> show up there, or is there a development site or repository where this >> will first appear? >> >> I'd like to get a scan in before April 1st, when variant C drops. >> >> -- >> - Chris Merkel >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] <mailto:[email protected]> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > ------------------------------------------------------------------------ > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com -- Paul Asadoorian PaulDotCom Enterprises Web: http://pauldotcom.com Phone: 401.829.9552 _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
