Detect conflicker in our LAN

Another conflicker variant force us to behave like paranoid. Any tool that might help us to detect it get more attention, specially when it’s free icon smile Detect conflicker in our LAN

Detect from Windows machine :

Download detector from Florian Roth, click here.

Save and extract to any folder, I choose C.

Make sure to run it from comman line :

C:\scs2-win32>scs2.exe 172.88.1.95  172.88.1.100

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009
Compiled for Win32 environments by Florian Roth

[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
Done

Detect from Linux machine ( I use Ubuntu 9.04 server) :

# apt-get install python-impacket

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip

# cd scs2

# ./scs2.py 172.88.1.1 172.88.1.50

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[UNKNOWN]  172.88.1.10: No response from port 445/tcp.
[UNKNOWN]  172.88.1.14: No response from port 445/tcp.
[UNKNOWN]  172.88.1.8: No response from port 445/tcp.
[UNKNOWN]  172.88.1.5: No response from port 445/tcp.
[UNKNOWN]  172.88.1.9: No response from port 445/tcp.
[CLEAN]    172.88.1.43: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.25: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.50: No response from port 445/tcp.[CLEAN]    172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.23: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.

[CLEAN]    172.88.1.34: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.29: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.28: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[CLEAN]    172.88.1.48: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.38: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.42: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.27: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.1: No response from port 445/tcp.
[UNKNOWN]  172.88.1.4: No response from port 445/tcp.
[UNKNOWN]  172.88.1.6: No response from port 445/tcp.
[UNKNOWN]  172.88.1.7: No response from port 445/tcp.
[UNKNOWN]  172.88.1.11: No response from port 445/tcp.
[UNKNOWN]  172.88.1.12: No response from port 445/tcp.
[UNKNOWN]  172.88.1.13: No response from port 445/tcp.
[UNKNOWN]  172.88.1.16: No response from port 445/tcp.

[UNKNOWN]  172.88.1.17: No response from port 445/tcp.
[UNKNOWN]  172.88.1.18: No response from port 445/tcp.
[UNKNOWN]  172.88.1.19: No response from port 445/tcp.
[UNKNOWN]  172.88.1.20: No response from port 445/tcp.
[UNKNOWN]  172.88.1.21: No response from port 445/tcp.
[UNKNOWN]  172.88.1.26: No response from port 445/tcp.
[UNKNOWN]  172.88.1.30: No response from port 445/tcp.
[UNKNOWN]  172.88.1.31: No response from port 445/tcp.
[UNKNOWN]  172.88.1.32: No response from port 445/tcp.
[UNKNOWN]  172.88.1.33: No response from port 445/tcp.
[UNKNOWN]  172.88.1.35: No response from port 445/tcp.
[UNKNOWN]  172.88.1.36: No response from port 445/tcp.
[UNKNOWN]  172.88.1.37: No response from port 445/tcp.
[UNKNOWN]  172.88.1.39: No response from port 445/tcp.
[UNKNOWN]  172.88.1.40: No response from port 445/tcp.
[UNKNOWN]  172.88.1.41: No response from port 445/tcp.
[UNKNOWN]  172.88.1.44: No response from port 445/tcp.
[UNKNOWN]  172.88.1.45: No response from port 445/tcp.
[UNKNOWN]  172.88.1.46: No response from port 445/tcp.
[UNKNOWN]  172.88.1.49: No response from port 445/tcp.

Detect using FreeBSD machine :

# cd /usr/ports/net/py-impacket && make install

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip &&  cd scs2

# python scs2.py 172.88.1.90 172.88.1.100
WARNING: Crypto package not found. Some features will fail.

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[CLEAN]    172.88.1.90: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.100: No response from port 445/tcp.
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  172.88.1.92: No response from port 445/tcp.
[UNKNOWN]  172.88.1.91: No response from port 445/tcp.
[UNKNOWN]  172.88.1.93: No response from port 445/tcp.
[UNKNOWN]  172.88.1.94: No response from port 445/tcp.
[UNKNOWN]  172.88.1.95: No response from port 445/tcp.
[UNKNOWN]  172.88.1.97: No response from port 445/tcp.
[UNKNOWN]  172.88.1.98: No response from port 445/tcp.
[UNKNOWN]  172.88.1.99: No response from port 445/tcp.
Done
#

Time to patch those infected machine.