W32.Korgo family of worms
Discovery began in May 2004
The W32.Korgo family of network worms began to surface in May 2004, and several variants have been released since that time. These worms have the following characteristics:
- They propagate by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
- They also listen on TCP port 113 and other random ports between 2000 and 8192.
Removal
More information, removal instructions, and removal tools for each variant are available from Symantec at the following links:
- W32.Korgo.AE: October 11, 2004
- W32.Korgo.AB: September 24, 2004
- W32.Korgo.Z: July 27, 2004
- W32.Korgo.X: July 9, 2004
- W32.Korgo.W: July 2, 2004
- W32.Korgo.V: June 24, 2004
- W32.Korgo.R: June 24, 2004
- W32.Korgo.P: June 23, 2004
- W32.Korgo.U: June 22, 2004
- W32.Korgo.T: June 21, 2004
- W32.Korgo.S: June 21, 2004
- W32.Korgo.L: June 17, 2004
- W32.Korgo.N: June 7, 2004
- W32.Korgo.I: June 7, 2004
- W32.Korgo.H: June 7, 2004
- W32.Korgo.G: June 2, 2004
- W32.Korgo.F: June 1, 2004
- W32.Korgo.E: May 31, 2004
- W32.Korgo.D: May 30, 2004
- W32.Korgo.C: May 25, 2004
- W32.Korgo.B: May 24, 2004
- W32.Korgo.A: May 22, 2004