Welcome to the Virus Encyclopedia of Panda Security.
It opens several ports, connects to IRC servers and impedes the computer shutdown. It spreads by exploiting the LSASS vulnerability.>>
|First detected on:||May 25, 2004|
|Detection updated on:||June 24, 2004|
Korgo.A is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.
Korgo.A listens to the TCP ports 113, 3067 and 2041 and connects to several IRC servers through the port 6667.
In addition, it is prepared for impeding the system shutdown.
Korgo.A only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.
If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.
Korgo.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, having problems with the system shutdown can be a clear symptom that your computer has been affected by Korgo.A.