Another conflicker variant force us to behave like paranoid. Any tool that might help us to detect it get more attention, specially when it’s free 🙂
Detect from Windows machine :
Download detector from Florian Roth, click here.
Save and extract to any folder, I choose C.
Make sure to run it from comman line :
C:\scs2-win32>scs2.exe 172.88.1.95 172.88.1.100
Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009
Compiled for Win32 environments by Florian Roth
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be infected by Conficker B or C.
Done
Detect from Linux machine ( I use Ubuntu 9.04 server) :
# apt-get install python-impacket
# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip
# unzip scs2.zip
# cd scs2
# ./scs2.py 172.88.1.1 172.88.1.50
Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009
[UNKNOWN] 172.88.1.10: No response from port 445/tcp.
[UNKNOWN] 172.88.1.14: No response from port 445/tcp.
[UNKNOWN] 172.88.1.8: No response from port 445/tcp.
[UNKNOWN] 172.88.1.5: No response from port 445/tcp.
[UNKNOWN] 172.88.1.9: No response from port 445/tcp.
[CLEAN]   172.88.1.43: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[CLEAN]   172.88.1.25: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[UNKNOWN] 172.88.1.50: No response from port 445/tcp.[CLEAN]   172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[CLEAN]   172.88.1.23: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[CLEAN]   172.88.1.34: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[CLEAN]   172.88.1.29: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[CLEAN]   172.88.1.28: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be infected by Conficker B or C.
[CLEAN]   172.88.1.48: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[CLEAN]   172.88.1.38: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[CLEAN]   172.88.1.42: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[CLEAN]   172.88.1.27: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[UNKNOWN] 172.88.1.1: No response from port 445/tcp.
[UNKNOWN] 172.88.1.4: No response from port 445/tcp.
[UNKNOWN] 172.88.1.6: No response from port 445/tcp.
[UNKNOWN] 172.88.1.7: No response from port 445/tcp.
[UNKNOWN] 172.88.1.11: No response from port 445/tcp.
[UNKNOWN] 172.88.1.12: No response from port 445/tcp.
[UNKNOWN] 172.88.1.13: No response from port 445/tcp.
[UNKNOWN] 172.88.1.16: No response from port 445/tcp.
[UNKNOWN] 172.88.1.17: No response from port 445/tcp.
[UNKNOWN] 172.88.1.18: No response from port 445/tcp.
[UNKNOWN] 172.88.1.19: No response from port 445/tcp.
[UNKNOWN] 172.88.1.20: No response from port 445/tcp.
[UNKNOWN] 172.88.1.21: No response from port 445/tcp.
[UNKNOWN] 172.88.1.26: No response from port 445/tcp.
[UNKNOWN] 172.88.1.30: No response from port 445/tcp.
[UNKNOWN] 172.88.1.31: No response from port 445/tcp.
[UNKNOWN] 172.88.1.32: No response from port 445/tcp.
[UNKNOWN] 172.88.1.33: No response from port 445/tcp.
[UNKNOWN] 172.88.1.35: No response from port 445/tcp.
[UNKNOWN] 172.88.1.36: No response from port 445/tcp.
[UNKNOWN] 172.88.1.37: No response from port 445/tcp.
[UNKNOWN] 172.88.1.39: No response from port 445/tcp.
[UNKNOWN] 172.88.1.40: No response from port 445/tcp.
[UNKNOWN] 172.88.1.41: No response from port 445/tcp.
[UNKNOWN] 172.88.1.44: No response from port 445/tcp.
[UNKNOWN] 172.88.1.45: No response from port 445/tcp.
[UNKNOWN] 172.88.1.46: No response from port 445/tcp.
[UNKNOWN] 172.88.1.49: No response from port 445/tcp.
Detect using FreeBSD machine :
# cd /usr/ports/net/py-impacket && make install
# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip
# unzip scs2.zip && cd scs2
# python scs2.py 172.88.1.90 172.88.1.100
WARNING: Crypto package not found. Some features will fail.
Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009
[CLEAN]   172.88.1.90: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be clean.
[UNKNOWN] 172.88.1.100: No response from port 445/tcp.
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]: Seems to be infected by Conficker B or C.
[UNKNOWN] 172.88.1.92: No response from port 445/tcp.
[UNKNOWN] 172.88.1.91: No response from port 445/tcp.
[UNKNOWN] 172.88.1.93: No response from port 445/tcp.
[UNKNOWN] 172.88.1.94: No response from port 445/tcp.
[UNKNOWN] 172.88.1.95: No response from port 445/tcp.
[UNKNOWN] 172.88.1.97: No response from port 445/tcp.
[UNKNOWN] 172.88.1.98: No response from port 445/tcp.
[UNKNOWN] 172.88.1.99: No response from port 445/tcp.
Done
#
Time to patch those infected machine.