MS04-011: Korgo.F Internet Worm 1st MEDIUM RISK virus for June

Discussion in 'other security issues & news' started by the mul, Jun 5, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Jul 31, 2003
    Here's a summary for the 1st MEDIUM RISK virus for June:

    MS04-011: Korgo.F Internet Worm - Medium Risk

    This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:

    MS04-011 vulnerability (CAN-2003-0533)

    The worm spreads with a random filename and acts as a remote access server to allow an attacker to control the compromised system. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 1010:cool: on TCP port 445. It also listens on TCP ports 113 and 3067.

    Symantec Security Response has published a removal tool to clean
    infections of W32.Korgo.F

    Ports: TCP 445, 113, 3067, and 6667. May listen on random ports as well.

    Secunia also declares Medium Risk

    The MUL
Thread Status:
Not open for further replies.