Task: Conficker Search

ATTENTION: This page is not maintained anymore and will eventually be removed.
The current state can be found in the Online Version of the GSM user manual at the TechDoc portal.

Conficker is a computer worm that first appeared in fall 2008. It targets Windows operating systems and caused numerous network failures with significant financial damage. The worm exploits a security hole in the operating system and updates itself.

Microsoft Bulletin MS08-067 describes the most important security hole that Conficker exploits to attack affected systems.

Search methods for vulnerability and infection


Using the Greenbone Security Manager, two methods are recommended for the search:

  • Non-invasive search for the security holes described by Microsoft in Bulletin MS08-067, including the Conficker worm.

  • Invasive search for the security holes described by Microsoft in Bulletin MS08-067, including the Conficker worm.

The first method detects the presence of the vulnerability. The second method goes as far as exploiting the vulnerability to be certain that it is indeed present. This may cause outages of the affected systems, so it should be executed with appropriate caution.

Execute search for vulnerability and Conficker

  1. Import the scan configuration Conficker Search or, for the invasive search, the scan configuration Invasive Conficker Search.

  2. If the target systems do not allow anonymous access, create credentials to provide the scan engine with access to the target systems. If this has not been done yet, create a corresponding user account on the Windows systems (a low-privileged user account is sufficient).

  3. Define the target systems (targets) and, if applicable, choose the respective credentials.

  4. Now you can create the actual task. This means combining the imported scan configuration with the newly created targets.

  5. The search is started by clicking the start icon of the respective task. It can take a while for the scan to complete. To update the view with the current progress, click the refresh icon.

  6. As soon as the status changes to "Done", the complete report is available. You can review the intermediate results at any time. Here is an example for a system where the vendor security update for MS08-067 has not been installed.