Korgo Worm Detection Network Vulnerability

Summary

The remote host is probably infected with Korgo worm. It propagates by exploiting the LSASS vulnerability on TCP port 445 (as described in Microsoft Security Bulletin MS04-011) and opens a backdoor on TCP ports 113 and 3067.

Solution

- Disable access to port 445 by using a firewall - Apply Microsoft MS04-011 patch.

References

http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.c.html
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

RemoteNC detection
MPEi/X Default Accounts
Korgo worm detection
Trojan horses
osCommerce infected with malware

Take action and discover your vulnerabilities