W32.Korgo.L is a variant of W32.Korgo.I
. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011
) on TCP port 445. It also listens on TCP ports 113, 3067, and other random ports (256-8191).
Symantec Security Response has developed a removal tool
to clean the infections of W32.Korgo.L.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.