W32.Korgo.U is a variant of W32.Korgo.N
. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011
) on TCP port 445. It also listens on TCP ports 113, 5111, and a random port between 256 and 8191.
- Definitions dated prior to June 28, 2004 detect this threat as W32.Korgo.O.
- Symantec Security Response has developed a removal tool to clean the infections of W32.Korgo.U.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.