W32.Korgo.F is a minor variant of W32.Korgo.E
. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011
) on TCP port 445. It also listens on TCP ports 113, 3067, and other random ports.
- Rapid Release virus definitions version 6/2/2004 rev 17 (sequence number 31552) or greater detect this threat specifically as W32.Korgo.F.
- Virus definitions version 60408w (extended version 4/8/2004 rev. 23) detect this threat as Bloodhound.Packed.
Symantec Security Response has developed a removal tool
to clean infections of W32.Korgo.F.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.