
MS04-011: Korgo.F Internet Worm - Medium Risk



#1 harrywaldron


Posted 02 June 2004 - 01:52 PM

Here's a summary for the 1st MEDIUM RISK virus for June:

MS04-011: Korgo.F Internet Worm - Medium Risk
http://www.symantec.com/avcenter/venc/data/w32.korgo.f.html

This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:

MS04-011 vulnerability (CAN-2003-0533)
http://www.microsoft.com/technet/security/...n/MS04-011.mspx

The worm spreads with a random filename and acts as a remote access server to allow an attacker to control the compromised system. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP port 445. It also listens on TCP ports 113 and 3067.

Symantec Security Response has published a removal tool to clean infections of W32.Korgo.F:

http://securityresponse.symantec.com/avcen...moval.tool.html

Ports: TCP 445, 113, 3067, and 6667. May listen on random ports as well.

Secunia also declares Medium Risk
http://secunia.com/virus_information/9767/korgo.f/
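
The ports listed in the post can be checked against a host's connection table. The following is an added example, not part of the original post or of any vendor tool: it parses Windows `netstat -ano` output and reports processes that listen on TCP 113 or 3067, contact several hosts on TCP 445, or connect out to TCP 6667. The sample output, the fan-out threshold, and reading 6667 as an outbound port are assumptions.

```python
from collections import defaultdict
LISTEN_PORTS = {113, 3067}   # listening ports named in the post
REMOTE_PORTS = {445, 6667}   # other ports in the post; outbound use is an assumption
FANOUT_THRESHOLD = 3         # assumption: distinct TCP 445 peers before flagging

# Constructed `netstat -ano` sample (documentation addresses, made-up PIDs).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING       1876
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING       1876
  TCP    192.0.2.10:1042        198.51.100.7:445       SYN_SENT        1876
  TCP    192.0.2.10:1043        198.51.100.8:445       SYN_SENT        1876
  TCP    192.0.2.10:1044        198.51.100.9:445       SYN_SENT        1876
  TCP    192.0.2.10:1050        203.0.113.5:6667       ESTABLISHED     1876
  TCP    192.0.2.10:1060        192.0.2.20:445         ESTABLISHED     4
"""

def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")  # last colon, so [::]:445 also works
    return host, int(port)

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skips the header, blank lines and UDP rows
        _, local, remote, state, pid = fields
        rows.append((split_endpoint(local), split_endpoint(remote), state, int(pid)))
    return rows

def find_korgo_indicators(text):
    listeners = defaultdict(set)                    # pid -> flagged listening ports
    remotes = defaultdict(lambda: defaultdict(set)) # pid -> remote port -> hosts
    for (_, lport), (rhost, rport), state, pid in parse_netstat(text):
        if state == "LISTENING" and lport in LISTEN_PORTS:
            listeners[pid].add(lport)
        elif state != "LISTENING" and rport in REMOTE_PORTS:
            remotes[pid][rport].add(rhost)
    findings = []
    for pid in sorted(set(listeners) | set(remotes)):
        if listeners[pid]:
            findings.append((pid, "listen", sorted(listeners[pid])))
        if len(remotes[pid][445]) >= FANOUT_THRESHOLD:
            findings.append((pid, "smb-fanout", sorted(remotes[pid][445])))
        if remotes[pid][6667]:
            findings.append((pid, "port-6667", sorted(remotes[pid][6667])))
    return findings
```

A finding is a lead to follow up by PID, not proof of infection: legitimate services can also use port 113 or 6667, and a file server normally has inbound and some outbound TCP 445 traffic.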
