1. Symantec/
  2. Security Response/
  3. W32.Korgo.X


Risk Level 2: Low

July 9, 2004
February 13, 2007 12:25:42 PM
Also Known As:
W32/Korgo.worm.gen [McAfee]
Systems Affected:
CVE References:

W32.Korgo.X is a worm that attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445.

This variant also attempts to download and execute a file from a remote Web site.

Virus Definitions prior to August 18, 2004 detect some samples of W32.Korgo.X as W32.Korgo.AD

Antivirus Protection Dates

  • Initial Rapid Release version July 9, 2004
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version July 9, 2004
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date July 13, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Asuka Yamamoto, John Canavan

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube