Korgo Worm is on the move. The Korgo worm, which exploits a Windows buffer-overrun vulnerability, is spreading through computer networks, threatening to compromise security settings and expose confidential data to thieves.
The Korgo worm, which first emerged last month, attempts to propagate by exploiting the same Microsoft buffer-overrun vulnerability used by the nefarious Sasser virus. It affects computer users on Windows 2000 and Windows XP, and potentially could open back doors on TCP ports 113 and 3067.
Confidential Data Under Attack
In its latest iteration, W32.Korgo.G, the worm could leave systems open to unauthorized access, resulting in the theft of confidential data and compromised security settings, according to security firm Symantec. Users are advised to stay current with security patches offered by Microsoft.
Korgo is a low threat that is spreading slowly, says Bruce Hughes of TruSecure, but he told NewsFactor that if it invades a machine, hackers could gain full access to the computer.
Latches Onto Chat Server
The worm essentially attaches itself to the IRC server, which handles online chat communications. Once inside, it can download any information in the computer, he explained.
Companies and individual users should block TCP port 6667, which connects the computer to the IRC server, Hughes advises. With this outbound port blocked, he says, the worm cannot propagate.
As of this morning, the number of Korgo infections has tapered off after spiking on Wednesday, wreaking havoc primarily among consumers, according to Symantec.
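A triage check for the ports named above, as an added example that is not part of the original article: it scans Windows `netstat -an` output for listeners on TCP 113 and 3067 and for outbound connections to TCP 6667. The sample output and the function name `korgo_indicators` are constructed for illustration; ident (113) and IRC (6667) are also legitimate services, so a hit is a reason to investigate the host, not proof of infection.

```python
import re

BACKDOOR_PORTS = {113, 3067}   # back-door ports named in the article
IRC_PORT = 6667                # outbound IRC port the article advises blocking

# Matches TCP rows of `netstat -an` output: local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def korgo_indicators(netstat_text):
    """Return (kind, detail) tuples for sockets that match the article's ports."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines, UDP rows, blank lines
        local_ip, local_port, remote_ip, remote_port, state = m.groups()
        local_port, remote_port = int(local_port), int(remote_port)
        if state == "LISTENING" and local_port in BACKDOOR_PORTS:
            findings.append(("listener", f"{local_ip}:{local_port}"))
        elif state != "LISTENING" and remote_port == IRC_PORT:
            findings.append(("irc-outbound", f"{remote_ip}:{remote_port}"))
    return findings


# Constructed sample output (documentation-range addresses), not a real capture.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1042          192.0.2.10:6667        ESTABLISHED
  TCP    10.0.0.5:1050          198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    for kind, detail in korgo_indicators(SAMPLE):
        print(kind, detail)
```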