MS04-011: Korgo.F Internet Worm 1st MEDIUM RISK virus for June

Discussion in 'other security issues & news' started by the mul, Jun 5, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Here's a summary for the 1st MEDIUM RISK virus for June:

    MS04-011: Korgo.F Internet Worm - Medium Risk
    http://www.symantec.com/avcenter/venc/data/w32.korgo.f.html

    This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:

    MS04-011 vulnerability (CAN-2003-0533)
    http://www.microsoft.com/technet/security/...n/MS04-011.mspx

    The worm spreads with a random filename and acts as a remote access server to allow an attacker to control the compromised system. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP port 445. It also listens on TCP ports 113 and 3067.

    Symantec Security Response has published a removal tool to clean infections of W32.Korgo.F
    http://securityresponse.symantec.com/avcen...moval.tool.html

    Ports: TCP 445, 113, 3067, and 6667. May listen on random ports as well.

    Secunia also declares Medium Risk
    http://secunia.com/virus_information/9767/korgo.f/


    The MUL
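
A defender-side check built on the port profile in the post above, added here as an example and not part of the original thread: it scans `netstat -ano` text for listeners on TCP 113 or 3067 and for a single process opening TCP 445 connections to several distinct hosts. The sample rows, the function name `korgo_indicators` and the fan-out threshold of 3 are assumptions; a listener on 445 alone is not flagged because Windows opens it normally, and 6667 is matched in either direction since the post does not say which.

```python
import re
from collections import defaultdict

# Ports from the post: listens on 113 and 3067, spreads over 445, also lists 6667.
LISTEN_PORTS, SPREAD_PORT, OTHER_PORT = {113, 3067}, 445, 6667

# Constructed sample in `netstat -ano` layout (not captured from a real host).
SAMPLE = """\
  TCP    0.0.0.0:135          0.0.0.0:0          LISTENING    880
  TCP    0.0.0.0:445          0.0.0.0:0          LISTENING    4
  TCP    0.0.0.0:113          0.0.0.0:0          LISTENING    1832
  TCP    0.0.0.0:3067         0.0.0.0:0          LISTENING    1832
  TCP    192.0.2.20:1045      198.51.100.7:445   SYN_SENT     1832
  TCP    192.0.2.20:1046      198.51.100.8:445   SYN_SENT     1832
  TCP    192.0.2.20:1047      198.51.100.9:445   SYN_SENT     1832
  TCP    192.0.2.20:1051      192.0.2.5:445      ESTABLISHED  4
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def korgo_indicators(netstat_text, fanout=3):
    """Return {pid: [reasons]} for sockets matching the post's port profile."""
    listeners = defaultdict(set)   # pid -> suspicious listening ports
    smb_peers = defaultdict(set)   # pid -> distinct remote hosts contacted on 445
    other = set()                  # pids with any socket on 6667
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue               # header lines and UDP rows are skipped
        _, lport, raddr, rport, state, pid = m.groups()
        lport, rport, pid = int(lport), int(rport), int(pid)
        if state == "LISTENING":
            if lport in LISTEN_PORTS:
                listeners[pid].add(lport)
        elif rport == SPREAD_PORT:
            smb_peers[pid].add(raddr)
        if OTHER_PORT in (lport, rport):
            other.add(pid)
    findings = defaultdict(list)
    for pid, ports in listeners.items():
        findings[pid].append(f"listening on TCP {sorted(ports)}")
    for pid, peers in smb_peers.items():
        if len(peers) >= fanout:
            findings[pid].append(f"TCP 445 connections to {len(peers)} hosts")
    for pid in other:
        findings[pid].append("socket on TCP 6667")
    return dict(findings)
```

Because the post notes the worm may also listen on random ports, a clean result here does not rule out infection; the 445 fan-out check is the part that does not depend on a fixed listener port.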
     