IT Trenches » ms08-067 http://itknowledgeexchange.techtarget.com/it-trenches Fri, 19 Nov 2010 14:37:59 +0000 en-US hourly 1 Simple Conficker Scanner tool released – find the infected machines http://itknowledgeexchange.techtarget.com/it-trenches/simple-conficker-scanner-tool-released-find-the-infected-machines/ http://itknowledgeexchange.techtarget.com/it-trenches/simple-conficker-scanner-tool-released-find-the-infected-machines/#comments Tue, 31 Mar 2009 15:32:22 +0000 Troy Tate http://itknowledgeexchange.techtarget.com/it-trenches/simple-conficker-scanner-tool-released-find-the-infected-machines/ A Simple Conficker Scanner (SCS) tool has been released by members of the Honeynet Project. This tool can be run under linux or Windows. It runs a specially crafted RPC query against a host or range of IP addresses. The tool will tell if systems are clean or potentially infected. I am running this tool against hosts on my network and I found a Windows 2000 server apparently infected by Conficker. I am in the process of clean-up on that host. It looks like a couple of things contributed to the infection on this computer:

1. Out of date anti-virus. The antivirus signatures had not been updated since January 2008.

2. Microsoft patches not applied.

Folks, the advice about maintaining up-to-date AV and applying patches is good advice. Heed the warnings and save yourself some troubles of clean-up. I will be having a discussion with my operations team about this situation and make it clear that we should have been prepared for this and this situation should not have arisen.

I am also following the advice from McAfee on Combating the Conficker worm

For more details on how the Conficker worm actually works, follow the links in my blog

The Conficker Analysis – are you ready for April 1?

Thanks for reading. Let’s continue to be good network citizens.

]]> http://itknowledgeexchange.techtarget.com/it-trenches/simple-conficker-scanner-tool-released-find-the-infected-machines/feed/ 0