Nmap 4.85 Beta6 released to detect Conficker Worm in corporate networks
Over the years, Nmap has been a great vulnerability assessment tool for corporate networks. It now offers the capability to identify hidden Conficker infections based on the recent discovery of it's "infection fingerprint" by the Honeynet Project researchers.
Nmap 4.85 Beta6 released to Scan for Conficker Worm
QUOTE: The Conficker worm is receiving a lot of attention because of its vast scale (millions of machines infected) and advanced update mechanisms. Its botnet army is scheduled for new updates and instructions starting on Wednesday (4/1), and nobody (except the bad guys) knows exactly what those instructions will be. We're not worried about the end of the Internet, so don't believe that hype, but it is a huge nuisance we can all help to clean up.
Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA5 is now available from the download page, including official binaries for Windows and Mac OS X. To scan for Conficker, use a command such as:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]
4.85BETA6 is now available from the download page. It includes further Conficker detection improvements, among other changes.
Download 4.85BETA6 from here: