RE: MSBlast CLI scanner (unix)?


There is no reliable way to detect if a computer is infected with
blaster without logging into it and looking for the reg key or the
executable. The backdoors (tftp and 4444) are not permanent. ISS
X-Force released a great scanner for the vulnerability itself. It does
two different checks to see if a box is patched, and it will detect the
difference between a machine that has DCOM disabled or if it is patched.
It's available here: