[nsp-sec] Simple Conficker Scanner v2
Smith, Donald
Donald.Smith at qwest.com
Wed Apr 15 16:11:24 EDT 2009
Conficker.E can be identified via RPC response codes. uni-bonn.de has just released Simple Conficker Scanner v2, which is now capable of detecting Conficker.E-infected machines via NetpwPathCanonicalize() calls. SCSv2 is freely available from https://iv.cs.uni-bonn.de/conficker/ .
There is a slight difference between various teams on which version is which; uni-bonn.de's E is some vendors' D.
All of this is public and can be shared.
(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia