Korgo Worm Detection Network Vulnerability

Summary

The remote host is probably infected with Korgo worm. It propagates by exploiting the LSASS vulnerability on TCP port 445 (as described in Microsoft Security Bulletin MS04-011) and opens a backdoor on TCP ports 113 and 3067.

Solution

- Disable access to port 445 by using a firewall - Apply Microsoft MS04-011 patch.

References

http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.c.html
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Bofra Virus Detection
radmin detection
osCommerce infected with malware
Kuang2 the Virus
4553 Parasite Mothership Detect

Korgo worm detection

Take action and discover your vulnerabilities