|
 |
|
Korgo.B
|
|
|
First Report:
|
2004-05-24 11:37
|
|
Last Update:
|
2004-11-01 05:49
|
|
|
Risk Rating:
|
Very Low Risk
|
|
|
Aliases:
|
Korgo.B
W32.Korgo.B
W32/Korgo-B
W32/Korgo.B.worm
W32/Korgo.worm.b
W32/Padobot.worm.b
Win32.Korgo.B
Win32/Korgo.B.Worm
Worm.W32.Padobot
Worm.Win32.Padobot
Worm.Win32.Padobot.a
Worm.Win32.Padobot.b
WORM_KORGO.B
|
|
|
|
Information From AntiVirus Vendors
|
|
|
|
|
Below you will find virus information from different antivirus vendors included in this Secunia Virus Profile. Information about the virus along with links to removal tools will be listed below when available.
The information provided is sorted by the date on which the information first became publicy available on the antivirus vendors' websites. The earliest available reports are displayed first. Please note timestamps are in GMT+1.
|
|
|
#1 - SYMANTEC
|
| |
|
|
W32.Korgo.B
|
Severity:
2/5
|
File Size:
10,240 bytes
|
| |
|
|
Reported:
2004-05-24 11:37
|
Last Update:
2004-06-16 23:38
|
| |
Description:
W32.Korgo.B is a worm that propagates by exploiting the LSASS vulnerability on TCP port 445 (as described in Microsoft Security Bulletin MS04-011). The worm also listens on TCP ports 113, 2041, and 3067, and allows unauthorized access to the infected computer.
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2004-05-24 21:07
|
File size was changed.
New:
"10,240 bytes"
Old:
"10240"
|
| |
|
|
2004-05-24 18:23
|
Description was changed.
New:
"W32.Korgo.B is a worm that propagates by
exploiting the LSASS vulnerability on TCP
port 445 (as described in Microsoft Security
Bulletin MS04-011). The worm also listens on
TCP ports 113, 2041, and 3067, and allows
unauthorized access to the infected computer.
"
Old:
"W32.Korgo.B is a worm that propagates by
exploiting the LSASS vulnerability on TCP
port 445 (as described in Microsoft Security
Bulletin MS04-011). The worm also listens on
TCP ports 113 and 3067, and allows
unauthorized access to the infected computer.
"
|
| |
|
|
2004-05-24 12:37
|
Severity was raised from 1/5 to 2/5.
|
|
|
|
|
|
#2 - TREND MICRO
|
| |
|
|
WORM_KORGO.B
|
Severity:
1/3
|
File Size:
-
|
| |
|
|
Reported:
2004-05-25 05:55
|
Last Update:
2004-10-01 05:42
|
| |
Description:
To propagate, this worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:
|
| |
|
Full Report From Vendor
|
|
|
#3 - PANDA ANTIVIRUS
|
| |
|
|
Korgo.B
|
Severity:
1/4
|
File Size:
-
|
| |
|
|
Reported:
2004-05-25 17:36
|
Last Update:
2004-10-01 05:45
|
| |
Description:
It opens several ports, connects to IRC servers and impedes the computer shutdown. It spreads by exploiting the LSASS vulnerability.
|
| |
|
Full Report From Vendor
|
|
|
#4 - MCAFEE
|
| |
|
|
W32/Korgo.worm.b
|
Severity:
3/7
|
File Size:
10,240 bytes
|
| |
|
|
Reported:
2004-05-26 23:00
|
Last Update:
2004-07-01 05:52
|
| |
Description:
The risk assessment of this threat was upgraded to Low-Profiled due media attention at the following link: http://www.internetnews.com/dev-news/article.php/3359681
|
| |
|
Full Report From Vendor
|
|
|
#5 - COMPUTER ASSOCIATES
|
| |
|
|
Win32.Korgo.B
|
Severity:
2/5
|
File Size:
-
|
| |
|
|
Reported:
2004-05-31 05:35
|
Last Update:
2004-10-01 05:51
|
| |
Description:
Win32.Korgo.B is a worm that spreads by exploiting the Microsoft Windows LSASS buffer overflow vulnerability. It also opens a backdoor that allows unauthorized access to an affected machine. When executed, Korgo.B creates a copy of itself in the %System% directory using a randomly-generated filename that is between 5 and 8 characters in length. For example:
|
| |
|
Full Report From Vendor
|
|
|
#6 - SOPHOS
|
| |
|
|
W32/Korgo-B
|
Severity:
/5
|
File Size:
-
|
| |
|
|
Reported:
2004-06-03 22:52
|
Last Update:
2004-11-01 05:49
|
| |
Description:
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2004-11-01 05:49
|
Severity was decreased from 1/5 to /5.
|
| |
|
|
2004-10-01 05:49
|
Severity was raised from N/A to 1/5.
|
| |
|
|
2004-10-01 05:49
|
Description was changed.
New:
"N/A"
Old:
"W32/Korgo-B is a network worm using the LSASS
exploit to propagate. When executed the worm
copies itself to the Windows system folder
using a randomly generated name and creates
the following registry entry so that the worm
starts when a user logs on:"
|
|
|
|
|
|
Please note: The information that this Secunia Virus Profile is based on comes from a third party unless stated otherwise.
The grouping process is done completely automatically, therefore minor inconsistencies may occur. For more information about Secunia Virus Information, please read: About Virus Information.
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
