MS04-011: Korgo.F Internet Worm 1st MEDIUM RISK virus for June

Discussion in 'other security issues & news' started by the mul, Jun 5, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Jul 31, 2003
    Here's a summary for the 1st MEDIUM RISK virus for June:

    MS04-011: Korgo.F Internet Worm - Medium Risk

    This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:

    MS04-011 vulnerability (CAN-2003-0533)

    The worm spreads with a random filename and acts as a remote access server to allow an attacker to control the compromised system. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 1010:cool: on TCP port 445. It also listens on TCP ports 113 and 3067.

    Symantec Security Response has published a removal tool to clean
    infections of W32.Korgo.F

    Ports: TCP 445, 113, 3067, and 6667. May listen on random ports as well.

    Secunia also declares Medium Risk

    The MUL
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.