存档

文章标签 ‘confiker scanner’

Simple Conficker Scanner v2

2009年5月3日 评论已被关闭

 Today we released version 2 of our Simple Conficker Scanner (SCSv2). It contains a new scanning method which allows for detection of machines infected with the recent Conficker version (D or E, depending on the naming scheme – the tool calls it D). Although the patch to the vulnerable function NetpwPathCanonicalize() was updated in the new variant, the RPC response codes for specially crafted requests are still different for infected machines. This enabled us to write a network scanner to distinguish Conficker zombies from clean hosts. The scanning results look like this: 阅读全文…

分类: 技术点滴 标签: