W32.Korgo.S is a variant of W32.Korgo.N
. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011
) on TCP port 445. It also listens on TCP port 113 and other random ports between 2000 and 8192.
- Definitions dated prior to June 28, 2004 detect this threat as W32.Korgo.M.
- Symantec Security Response has developed a removal tool to clean the infections of W32.Korgo.S.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.