the mul
June 5th, 2004, 02:52 PM
Here's a summary for the 1st MEDIUM RISK virus for June:
MS04-011: Korgo.F Internet Worm - Medium Risk
http://www.symantec.com/avcenter/venc/data/w32.korgo.f.html
This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:
MS04-011 vulnerability (CAN-2003-0533)
http://www.microsoft.com/technet/security/...n/MS04-011.mspx
The worm spreads with a random filename and acts as a remote access server to allow an attacker to control the compromised system. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP port 445. It also listens on TCP ports 113 and 3067.
Symantec Security Response has published a removal tool to clean
infections of W32.Korgo.F
http://securityresponse.symantec.com/avcen...moval.tool.html
Ports: TCP 445, 113, 3067, and 6667. May listen on random ports as well.
Secunia also declares Medium Risk
http://secunia.com/virus_information/9767/korgo.f/
The MUL
MS04-011: Korgo.F Internet Worm - Medium Risk
http://www.symantec.com/avcenter/venc/data/w32.korgo.f.html
This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:
MS04-011 vulnerability (CAN-2003-0533)
http://www.microsoft.com/technet/security/...n/MS04-011.mspx
The worm spreads with a random filename and acts as a remote access server to allow an attacker to control the compromised system. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP port 445. It also listens on TCP ports 113 and 3067.
Symantec Security Response has published a removal tool to clean
infections of W32.Korgo.F
http://securityresponse.symantec.com/avcen...moval.tool.html
Ports: TCP 445, 113, 3067, and 6667. May listen on random ports as well.
Secunia also declares Medium Risk
http://secunia.com/virus_information/9767/korgo.f/
The MUL