Symantec Security Response: W32.Korgo.F - Level 3
Due to an increase in submissions in the last 12 hours, Symantec Security Response has upgraded W32.Korgo.F from a Level 2 to a Level 3 threat. Symantec Security Response has also raised the DeepSight ThreatCon from a Level 1 to a Level 2.
W32.Korgo.F is a worm that attempts to propagate by exploiting a Microsoft Windows vulnerability publicly announced on April 13, 2004. (Microsoft LSASS Buffer Overrun Vulnerability - http://securityresponse.symantec.com/avcenter/security/Content/10108.html) This blended threat affects computer users on Windows 2000 and Windows XP. W32.Korgo.F will listen on TCP ports 113 and 3067 and could potentially open backdoors on those ports.
"W32.Korgo.F includes backdoor functionality that could leave systems open to unauthorized access," said Alfred Huger, senior director, Symantec Security Response. "This backdoor functionality could result in a loss of confidential data and may also compromise security settings. This threat is another strong example of why it is critical for computer users to be diligent in applying security patches, keeping virus definitions updated, and following best practices."
Symantec Security Response strongly advises users to apply the patch provided by Microsoft for the LSASS Buffer Overrun Vulnerability as soon as possible. In addition, Symantec recommends that users update their antivirus definitions to prevent exploitation of this threat. Users should also configure firewalls to block ports 113 and 3067.
More information and virus definitions are available at http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.f.html.
ENDS