Tuesday, March 31, 2009

MORE CONFLICKER - CHECK FOR INFECTION

CONFLICKER UPDATE:

Symantec's got a pretty simple (and free) tool specifically for Conficker:
Download this file on an uninfected computer, follow the steps, and you should be okay.

Or.

Doxpara Research has release a 'scanner' to check for conflicker infection.

Security expert Dan Kaminsky, working with the Honeynet Project's Tillmann Werner and Felix Leder, have discovered an easier way to detect if a machine on a network is infected by Conflicker.
Dan writes:"What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it's infected with Conficker, and it will tell you.

Go here:
http://www.doxpara.com/
download the scanner:
http://www.doxpara.com/scs.zip
Extract to folder and run it against your workstaions and servers:
Open command window - Start>run>type 'cmd'

Navigate to the exanded directory and 'run' the scanner on each individual computer.
Example:
C:\ yourdesktop \scs\scs>scs.exe 192.168.31.2
[For the admins out you can use a host file for a range of IPs]

If you are unsure of how to find your IP address.
Open up command windows - - Start>run>type 'cmd' then type in "ipconfig /all"
[If you don't know how to navigate in the DOS window check this out:
http://www.online-tech-tips.com/computer-tips/how-to-use-dos-command-prompt/ ]

Update - Another way to scan:
1. Download and install Python 2.6.1: [www.python.org] [python.org]
2. Download Impacket from [oss.coresecurity.com] [coresecurity.com] (or maybe [pypi.zestsoftware.nl] [zestsoftware.nl] or some other mirror)
3. Download the scanner from [iv.cs.uni-bonn.de] [uni-bonn.de]
4. Unpack Impacket into a folder, then install Impacket from a command line with c:\python26\python setup.py install
5. Run the scanner with the command c:\python26\python scs.py [starting_ip] [ending_ip]

No comments:

Post a Comment