Yet another computer worm that takes advantage of a Windows vulnerability is spreading, with the potential to cause serious headaches for users who are not protected. The Korgo worm, which first emerged last month, attempts to propagate by exploiting the same Microsoft buffer-overrun vulnerability used by the nefarious Sasser virus. It affects computer users on Windows 2000 and Windows XP, and potentially could open back doors on TCP ports 113 and 3067.
Confidential Data Under Attack
In its latest iteration, W32.Korgo.G, the worm could leave systems open to unauthorized access, resulting in the theft of confidential data and compromised security settings, according to security firm Symantec. Users are advised to stay current with security patches offered by Microsoft.
Korgo is a low threat that is spreading slowly, says Bruce Hughes of TruSecure, but he told NewsFactor that if it invades a machine, hackers could gain full access to the computer.
Latches Onto Chat Server
The worm essentially attaches itself to the IRC server, which handles online chat communications. Once inside, it can download any information in the computer, he explained.
Companies and individual users should block TCP port 6667, which connects the computer to the IRC server, Hughes advises. With this outbound port blocked, he says, the worm cannot propagate.
As of this morning, the number of Korgo infections has tapered off after spiking on Wednesday, wreaking havoc primarily among consumers, according to Symantec.
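The ports named above (back doors on TCP 113 and 3067, outbound IRC on TCP 6667) can be checked for on a host. The following is an added example, not part of the original article: it parses Windows `netstat -an` output and flags matching rows. The sample output and the function name review_netstat are constructed for illustration.

```python
import re

# Ports named in the article: back doors the worm may open, and the IRC
# port Hughes advises blocking outbound.
BACKDOOR_PORTS = {113, 3067}
IRC_PORT = 6667

# Constructed sample in Windows `netstat -an` layout (addresses are
# private/documentation ranges, not real indicators).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.20:1046      198.51.100.9:80        ESTABLISHED
  TCP    192.168.1.20:6667      198.51.100.9:4312      TIME_WAIT
  UDP    0.0.0.0:3067           *:*
"""

# proto, local addr:port, foreign addr:port, state (TCP rows only)
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def review_netstat(text):
    """Return (reason, local, remote) tuples for TCP rows worth a closer look."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines, UDP rows
        laddr, lport, raddr, rport, state = m.groups()
        lport, rport = int(lport), int(rport)
        local, remote = f"{laddr}:{lport}", f"{raddr}:{rport}"
        if state == "LISTENING" and lport in BACKDOOR_PORTS:
            # 113 is also the ident service port, so treat a hit as a lead
            findings.append(("listener-on-backdoor-port", local, remote))
        elif state in ("ESTABLISHED", "SYN_SENT") and rport == IRC_PORT:
            findings.append(("outbound-irc", local, remote))
    return findings

if __name__ == "__main__":
    for reason, local, remote in review_netstat(SAMPLE_NETSTAT):
        print(f"{reason:28} {local:22} -> {remote}")
```

A flagged row is a reason to inspect the owning process and patch level, not proof of infection.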
Written by: Jay Wrolstad, www.enterprise-security-today.com
Tuesday, June 08, 2004