Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Conficker Detection

Information

Severity

Severity

Critical

Family

Family

Malware

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Mitigation

Created

Created

14 years ago

Modified

Modified

4 years ago

Summary

This host seems to be contaminated with infectious Conficker Worm.

Insight

Insight

Conficker is a worm that spreads on Windows Platforms. This malware could spread Windows file shares protected with weak passwords or to which a logged on domain administrator has access, by copying itself to removable storage devices and by exploiting the MS08-067 Windows Server service vulnerability. This malware generates infections files to set up to run as a service and also using a random name when Windows starts under system32, and tries to modify permissions on the service registry entries so that they are not visible to the user. Such registry entries are under, 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost' and 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RANDOM_SERVICE_NAME' The plugin determines Conficker variants B or C. It likely works against systems that allow anonymous login, otherwise Credentials can be supplied.

Affected Software

Affected Software

Microsoft Windows 2K Service Pack 4 and prior. Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2 and prior.

Solution

Solution

The vendor has released updates. Please see the references for more information. Additionally use a Conficker Removal Tool, or a known Security Product to remove the conficker worm.

Common Vulnerabilities and Exposures (CVE)