How to Scan a Windows Network for Conficker Virus from Mac OS X
Mac users are largely immune to the world of viruses and trojans, but it’s not uncommon to be a Mac user in a LAN sea of Windows PCs. The Conficker Virus is Windows-only, but it’s garnering a lot of attention, so if you’re on a Windows LAN at home, work, or school, you may want to check whether the Windows machines are vulnerable to or infected with Conficker. You can do this pretty easily from your immune Mac OS X machine with a cool command line utility called nmap. Here are the steps:
1) First you need to install the command line tool nmap. You can download the OS X install package from the official nmap site. I recommend downloading the latest beta version to have the most up-to-date scanning scripts.
2) Use nmap to search your LAN for vulnerabilities to Conficker by using the following command:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
Note: Be sure to substitute the IP range for your own LAN; it may be something other than the range above, like 10.1.1.10-100.
3) Examine the output of nmap. You are looking for something like this to tell whether you have a problem:
Host script results:
| MS08-067: FIXED
| Conficker: Likely INFECTED
|_ regsvc DoS: VULNERABLE
If you find a Windows PC that is likely infected, the following two Microsoft knowledge-base articles can help you out: Protection from Conficker for Consumers and Conficker Protection for IT Professionals. We won’t cover the details here because this is a Mac site.
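On a LAN with many hosts, the output from step 3 gets long. The helper below is an added example, not part of nmap or of the original post: it reads nmap's normal output and lists only the hosts reported as likely infected or as missing the MS08-067 patch. The function names, the finding labels and the sample scan text are constructed for illustration, and the "Likely CLEAN" and "MS08-067: VULNERABLE" result lines are assumed from the script's result format.

```bash
#!/usr/bin/env bash
# Added example (not from the original post or the nmap project).
# Usage: nmap ... --script=smb-check-vulns ... | conficker_findings

# Print "<host> <finding>" for every host whose script results need attention.
conficker_findings() {
  awk '
    # Host header: "Nmap scan report for <host>" in newer releases,
    # "Interesting ports on <host>:" in older ones. Keep the last field,
    # which is the IP address when a hostname is also printed.
    /^Nmap scan report for / || /^Interesting ports on / {
      host = $NF; sub(/:$/, "", host); gsub(/[()]/, "", host); next
    }
    # Script result lines start with "|" or "|_".
    /^[|]_?[ ]*Conficker: .*INFECTED/ { print host, "conficker-likely-infected" }
    /^[|]_?[ ]*MS08-067: VULNERABLE/  { print host, "ms08-067-unpatched" }
  '
}

# Constructed sample output for three hosts (not a real scan).
sample_scan() {
  cat <<'EOF'
Interesting ports on 192.168.0.12:
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|  Conficker: Likely INFECTED
|_ regsvc DoS: VULNERABLE

Nmap scan report for 192.168.0.20
Host script results:
|  smb-check-vulns:
|  MS08-067: VULNERABLE
|_ Conficker: Likely CLEAN

Nmap scan report for fileserver (192.168.0.31)
Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|_ Conficker: Likely CLEAN
EOF
}

sample_scan | conficker_findings
```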
Nobody really knows if Conficker is dangerous or not, but we’ll all likely find out soon, as April 1st is some mystery execution date. It could be a joke or the Windows world could explode into calamity; we’ll see. You can read more about the nmap Conficker scan script we reference above here. It’s worth mentioning that you can install nmap with MacPorts, but the version included in MacPorts is nmap 4.60 and does not contain the script we want to use for this scan, which is why I recommend installing the latest beta version (as of now, nmap 4.85b5).