[tech] [Win] - Update on Conficker/Downadup mitigation methods - Network scanning tools now available

David Adam zanchey at ucc.gu.uwa.edu.au
Tue Mar 31 13:21:32 WST 2009


On Tue, 31 Mar 2009, AusCERT wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> AusCERT Update AU-2009.0013 - [Win]
> Update on Conficker/Downadup mitigation methods - Network scanning tools
> now available
> 31 March 2009
> 
>         AusCERT Update Summary
>         ----------------------
> 
> Operating System:     Windows
> Impact:               Execute Arbitrary Code/Commands
> Access:               Remote/Unauthenticated
> CVE Names:            CVE-2008-4250
> 
> Ref:                  AL-2009.0021
> 
> OVERVIEW:
> 
>       Mass scanning of networks for the presence of Windows machines infected
>       with the Conficker/Downadup worm is now possible thanks to the discovery
>       of unique signature an infected machine presents. [1]

Scanned the UCC subnet with the new nmap version, seems ok. Most machines 
should be running Sophos anyway.

[DAA]


More information about the tech mailing list