Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- June 1, 2004
- Updated:
- February 13, 2007 12:23:55 PM
- Also Known As:
- Worm.Win32.Padobot.e [Kaspersk, W32/Korgo.worm.g [McAfee], WORM_KORGO.F [Trend]
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows XP
W32.Korgo.F is a minor variant of W32.Korgo.E. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113, 3067, and other random ports.
Notes:
- Rapid Release virus definitions version 6/2/2004 rev 17 (sequence number 31552) or greater detect this threat specifically as W32.Korgo.F.
- Virus definitions version 60408w (extended version 4/8/2004 rev. 23) detect this threat as Bloodhound.Packed.
Symantec Security Response has developed a removal tool to clean infections of W32.Korgo.F.
Antivirus Protection Dates
- Initial Rapid Release version June 2, 2004
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version June 2, 2004
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date June 2, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 50 - 999
- Number of Sites: More than 10
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Moderate
Damage
- Damage Level: Medium
Distribution
- Distribution Level: Medium
Writeup By: Maryl Magee
