Using Linux to Detect Conficker

I got this from Linux Journal. To make a long story short, install nmap-4.85BETA5 (download here) and run the following command:

nmap -PN -d -p445 --script=smb-check-vulns --script-args=safe=1 [network_range]

where [network_range] is either a range such as 192.168.10.1-255 or a CIDR block such as 192.168.10.0/24

and look for the results containing:

Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely INFECTED
|_ regsvc DoS: VULNERABLE

Or better yet, use grep to filter the output for INFECTED and VULNERABLE.
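A plain grep for INFECTED and VULNERABLE drops the host header, so you see the finding but not which machine it belongs to. The script below is an added example, not from the original post or from Linux Journal: it keeps the host with each hit and skips lines reading NOT VULNERABLE. The scan output embedded in it is constructed, and the host header formats and the NOT VULNERABLE wording are assumptions about nmap's output.

```shell
#!/bin/sh
# Added example: list smb-check-vulns findings together with their host.
# Assumption: each host section starts with "Interesting ports on <host>:"
# or "Nmap scan report for <host>", depending on the nmap version.

conficker_hits() {
    awk '
        /^(Interesting ports on|Nmap scan report for) / {
            host = $NF                 # last field is the IP, maybe "(ip):"
            sub(/:$/, "", host)
            gsub(/[()]/, "", host)
            next
        }
        # Script result lines start with "|"; report only positive findings.
        /^\|/ && /(INFECTED|VULNERABLE)/ && !/NOT VULNERABLE/ {
            line = $0
            sub(/^\|_?[ \t]*/, "", line)   # drop the "|" / "|_" prefix
            print host " " line
        }
    '
}

# Constructed sample scan output (not captured from a real network).
sample_scan() {
cat <<'EOF'
Interesting ports on 192.168.10.5:
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|  Conficker: Likely INFECTED
|_ regsvc DoS: VULNERABLE

Interesting ports on 192.168.10.9:
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|  Conficker: Likely CLEAN
|_ regsvc DoS: NOT VULNERABLE
EOF
}

sample_scan | conficker_hits
```

For a real scan, pipe the nmap command above into conficker_hits instead of sample_scan.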
