W32.Downadup P2P Scanner Script for Nmap
Symantec’s Security Intelligence Analysis Team has collaborated with Nmap contributor Ron Bowes to aid in the development of an Nmap script that is able to detect hosts infected with W32.Downadup.C by enumerating the peer-to-peer (P2P) protocol used by the worm. The script has been made available to the public via nmap.org. The script has also been bundled in with the latest Nmap beta, nmap-4.85BETA8. If you are using an older version of Nmap that does not contain the Nmap scripting engine, you may want to download this updated version.
If you are new to using Nmap scripts I suggest that you check out Ron’s blog, which has lots of details on how to use the script with Nmap. Once you have located infected systems you can use the Symantec W32.Downadup Removal Tool to clean the infected system.
About Security Response Blog
Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.
Filter by:
Recently on Twitter
- Revamped Fake #Android Market for SMS Fraud http://t.co/mlrosRUH #malware10 Feb 2012
- Is Waledac spam dirtying the Russian 2012 elections? http://t.co/6gWaIyq610 Feb 2012
- Trojan.Activehijack found in the wild using a known #Office #vulnerability. http://t.co/7L8Xszwr09 Feb 2012
- Infostealer.Offsupload uploads 20000+ archives of stolen data to file sharing site http://t.co/5BBG51Go #Trojan08 Feb 2012
- #Android.Bmaster - Botmaster's profits exposed http://t.co/P8jOQP37 #malware08 Feb 2012