W32.Korgo.I is a variant of W32.Korgo.G. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108), described in Microsoft Security Bulletin MS04-011. It uses TCP port 445 to do this.
W32.Korgo.I listens on TCP ports 113, 3067, and a random port (256-8191).
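As a triage aid for the listening behavior described above, the following added example (not part of the original write-up) parses Windows `netstat -ano` output and flags any process that holds both fixed listeners, 113 and 3067, plus at least one further listener in the 256-8191 range. The function names, sample output, PIDs and port 5120 are constructed for illustration.

```python
import re
from collections import defaultdict

FIXED_PORTS = {113, 3067}        # fixed listeners named in the write-up
RANDOM_RANGE = range(256, 8192)  # third listener: random port 256-8191

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:113        0.0.0.0:0          LISTENING    1480
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    884
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING    4
  TCP    0.0.0.0:3067       0.0.0.0:0          LISTENING    1480
  TCP    0.0.0.0:5120       0.0.0.0:0          LISTENING    1480
  TCP    10.0.0.5:1045      10.0.0.9:445       ESTABLISHED  1480
"""

# Matches only TCP rows in LISTENING state; captures local port and PID.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listeners_by_pid(netstat_text):
    """Map each PID to the set of TCP ports it is listening on."""
    pids = defaultdict(set)
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            pids[int(m.group(2))].add(int(m.group(1)))
    return pids


def korgo_like_pids(netstat_text):
    """Return {pid: [extra ports]} for processes matching the listener pattern.

    A process is flagged only if it listens on BOTH fixed ports and on at
    least one other port inside the 256-8191 range. A lone listener on 113
    (for example an ident service) is not enough to match.
    """
    hits = {}
    for pid, ports in listeners_by_pid(netstat_text).items():
        if FIXED_PORTS <= ports:
            extra = sorted(p for p in ports - FIXED_PORTS if p in RANDOM_RANGE)
            if extra:
                hits[pid] = extra
    return hits


if __name__ == "__main__":
    print(korgo_like_pids(SAMPLE))
```

A match is a lead for further inspection of the owning process, since the port pattern alone does not identify the file; detection still relies on the definitions listed below.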
- Certified virus definitions, version 06/07/04 rev 49 (20040607.049) and greater are required to detect this threat.
- Definitions dated prior to June 29, 2004 detect this threat as W32.Korgo.H.
- Symantec Security Response has developed a removal tool to clean W32.Korgo.I infections.