MS04-011: Korgo.F Internet Worm 1st MEDIUM RISK virus for June

Discussion in 'other security issues & news' started by the mul, Jun 5, 2004.

    Here's a summary for the 1st MEDIUM RISK virus for June:

    MS04-011: Korgo.F Internet Worm - Medium Risk
    http://www.symantec.com/avcenter/venc/data/w32.korgo.f.html

    This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:

    MS04-011 vulnerability (CAN-2003-0533)
    http://www.microsoft.com/technet/security/...n/MS04-011.mspx

    The worm spreads with a random filename and acts as a remote access server to allow an attacker to control the compromised system. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP port 445. It also listens on TCP ports 113 and 3067.

    Symantec Security Response has published a removal tool to clean
    infections of W32.Korgo.F
    http://securityresponse.symantec.com/avcen...moval.tool.html

    Ports: TCP 445, 113, 3067, and 6667. May listen on random ports as well.

    Secunia also declares Medium Risk
    http://secunia.com/virus_information/9767/korgo.f/


    The MUL
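
An added example, not part of the original post: a triage check that reads Windows `netstat -an` output and flags the port activity the post describes (listeners on TCP 113 and 3067, many outbound connections on TCP 445 or 6667). The function names, the fan-out threshold, and the sample rows are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Ports from the post: listens on TCP 113 and 3067, spreads over TCP 445;
# 6667 is listed there without a stated role.
LISTEN_PORTS = {113, 3067}
OUTBOUND_PORTS = {445, 6667}
FANOUT_THRESHOLD = 3  # assumption: distinct remote hosts before flagging

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse_netstat(text):
    """Yield (local_port, remote_host, remote_port, state) per TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, rhost, rport, state = m.groups()
            yield int(lport), rhost, int(rport), state.upper()

def korgo_port_findings(text):
    """Return sorted findings for the post's ports (hypothetical helper)."""
    listeners, fanout = set(), defaultdict(set)
    for lport, rhost, rport, state in parse_netstat(text):
        if state == "LISTENING" and lport in LISTEN_PORTS:
            listeners.add(lport)
        elif state in ("ESTABLISHED", "SYN_SENT") and rport in OUTBOUND_PORTS:
            fanout[rport].add(rhost)
    findings = [f"listener on TCP {p}" for p in sorted(listeners)]
    for port in sorted(fanout):
        if len(fanout[port]) >= FANOUT_THRESHOLD:
            findings.append(f"outbound TCP {port} to {len(fanout[port])} hosts")
    return findings

# Constructed sample (documentation addresses), not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1041        198.51.100.7:445       SYN_SENT
  TCP    192.0.2.10:1042        198.51.100.8:445       SYN_SENT
  TCP    192.0.2.10:1043        198.51.100.9:445       SYN_SENT
  TCP    192.0.2.10:1050        203.0.113.5:80         ESTABLISHED
"""

if __name__ == "__main__":
    for finding in korgo_port_findings(SAMPLE):
        print(finding)
```

A listener on TCP 445 alone is not flagged, because Windows file sharing listens there normally; only the listeners on 113 and 3067 and the outbound fan-out are reported.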
     