Korgo.M

Korgo.M is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.

Korgo.M opens the TCP port 3067 and listens to it, waiting for a file to be executed in the affected computer. In addition, it attempts to connect to several IRC servers.

Korgo.M only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.


Has Avast already an update for Korgo.M?

Patch the OS :stuck_out_tongue: I think they’ll release a VPS update today or maybe tomorrow (I guess :stuck_out_tongue: )

I have already patched my system :wink:

Brief Description

Korgo.N is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.

Korgo.N connects to several web sites, to which it sends information on the country in which the affected computer is. It also attempts to download files from these web sites.

Korgo.N only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.

Korgo.O is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.

Korgo.O connects to several web sites, to which it sends information on the country in which the affected computer is. It also attempts to download files from these web sites.

Korgo.O only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.

Korgo.P is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.

Korgo.P connects to several web sites, to which it sends information on the country in which the affected computer is. It also attempts to download files from these web sites.

Korgo.P only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.

Nasty sttttuter you have got there, Stephan123,

Since these are virtually identical M, N, O and P variants and all exploit the lsass vulnerability, a line to that effect in the initial post would have covered it.

Microsoft Security Bulletin MS04-011

Thanks DavidR. I had already patched my system ;). For other people it is good. I will post other Korgo variants here if they come out.

Korgo.Q is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.

Korgo.Q connects to several web sites, to which it sends information on the country in which the affected computer is. It also attempts to download files from these web sites.

Korgo.Q only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.

Korgo.R is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.

Korgo.R connects to several web sites, to which it sends information on the country in which the affected computer is. It also attempts to download files from these web sites.

Korgo.R only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.

Korgo.S is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.

Korgo.S connects to several web sites, to which it sends information on the country in which the affected computer is. It also attempts to download files from these web sites.

Korgo.S only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.

Basically they are variants of the Korgo virus and it would appear that they exploit the same lsass vulnerability.

Unless there is a change in the way infection occurs (in which case it would probably be called something different) then a search on Korgo would be all that is required to find the information.

So I don’t think it’s necessary to post every variant since the only thing changing in your posts would be the letter M, O, N, P, etc. Just my opinion.

Okay, I shouldn’t do that anymore :wink:

FULL ACK…

Hi Stephan,
if you want a real challenge, keep track of the AGOBOT, SPYBOT & SDBOT variants…

;D ;D :wink:

no thanks :wink: