Task: Conficker Search

Conficker is a computer worm that appeared in fall 2008. It threatens Windows operating systems and caused numerous network failures with significant financial damage. The worm takes advantage of a security hole in the operating system and is self-updating.

Microsoft Bulletin MS08-067 describes the most important security hole that is exploited by Conficker to attack the corresponding systems.

Search methods for vulnerability and infection

Using the Greenbone Security Manager, two methods are recommended for the search:

  • Non-invasive search for the security holes described by Microsoft in Bulletin MS08-067, including the Conficker worm.

  • Invasive search for the security holes described by Microsoft in Bulletin MS08-067, including the Conficker worm.

The first method detects the presence of the vulnerability. The second method goes as far as exploiting the vulnerability to be certain that it is indeed present. This may cause outages of the affected systems, so it should be executed with appropriate prudence.

Execute search for vulnerability and Conficker

  1. Import the scan configuration Conficker Search or, for the invasive search, the scan configuration Invasive Conficker Search.

  2. If the target systems do not allow anonymous access, create credentials to provide the scan engine with access to the target systems. If not done yet, create a corresponding user account on the Windows systems (a low-privileged user account is sufficient).

  3. Define the target systems (targets) and, if applicable, choose the respective credentials.

  4. Now you can create the actual task. This means combining the imported scan configuration with the newly created targets.

  5. The search is started by clicking on the start icon of the respective task. It can take a while for the scan to complete. To update the view with the current progress, click on the refresh icon.

  6. As soon as the status changes to "Done", the complete report is available. At any time you can review the intermediate results. Here is an example for a system where the vendor security update for MS08-067 has not been installed.