Individuals who use a Korgo-infected system could expose personal data such as social security numbers and mothers' maiden names, as well as credit card numbers and other financial information. The fact that Korgo can capture keystrokes on machines that it infects considerably increases the threat it poses.

Anti-virus firms have detected yet another worm exploiting the Local Security Authority Subsystem Service (LSASS) vulnerability that was patched by Microsoft in its April batch of security updates. Various mutants of the Korgo worm have been identified. It exploits a buffer overflow vulnerability in the Windows Local Security Authority Subsystem Service (lsass.exe), as described in Microsoft Security Bulletin 04-011.

Although each version is somewhat different from the others, the versions are similar in that they:

Create a mutex that allows only one version of Korgo to run at any time.

Under certain conditions copy themselves into the system folder (%systemroot%) on each system they infect. The executable has a randomly-determined name.

Attempt to connect to certain IRC chat servers such as, ,, , london.uk.eu., washington.dc.us., los-angeles.ca.us., brussels.be.eu., .eu., flanders.be.eu., graz.at.eu.,, and.

Insert a value into the Registry to guarantee that this worm will start every time the infected system boots.

Open ports that allow back door access to the infected system.