Conficker worm variants A, B and C are dependent on vulnerability in Microsoft server service. Microsoft had released an advisory MS08-067 back in October 2008 to address the above vulnerability. As was expected at that time, number of attacks are spreading, major one being Conficker worm.
We have plugins for OpenVAS, 900055 - secpod_ms08-067_900055.nasl 900056 - secpod_ms08-067_900056.nasl to detect patch condition of MS08-067. The plugin 900055 requires SMB credentials and verifies if the required hotfix is installed through Windows Registry and verifying the updated file versions. The plugin 900056 is a Proof of Concept exploit that tries to crash the server service (safe_checks has to be disabled). This can work on anonymous login credentials if the target system allows anonymous login (Windows 2000 by default allows anonymous login). The plugin checks the RPC response status of an un-patched system. Thanks, Chandra. _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
