Requesting a tool equivalent to the Scan utility offered by Microsoft that tells me if the machine is infected not that if has been patched. Must be able to scan subnets, of any size. The utility offered by Microsoft scans to inform you if your machine has not been patched we need the utility to verify the machine has been comprised with the **Blaster Worm** and or **Welchia** Worm.
Options to the Program:
- Scan subnets of Any size (GUI)
- Options to either clean the infected subnet or just scan the subnet
- Gui Output of machines that are Vulnerable, been Patched or are infected.
- Infected machines listed with a NBTSTAT ??"A so we have all the information of the host that is infected
- If possible clean infected machine or kill task of the infected machine or turn off the machine
- We have machines infected in a controlled environment to test it with the utility
**Welcihia Virus Infromation:**
- [login to view URL]
**Blaster Virus Information**
[login to view URL]
Some idea’s we have come up for for non intrusive detection?
- ICMP Ping flood detection
- 4444 Open (Can no longer use, it only used for transfering the worm)
- Checksum against the system and if we see it running the Welcia or the Blaster and tag it as infected
- Scan the system remotely for the infected file
- RPC DCOM scan
We need the utility ASAP.
Thanks
## Deliverables
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done. 2) Installation package that will install the software (in ready-to-run condition) on the platform(s) specified in this bid request. 3) Complete ownership and distribution copyrights to all work purchased.
## Platform
Windows XP, Windows 2000, Windows NT