Welcome to the Virus Encyclopedia of Panda Security.
It opens several ports and connects to IRC servers. It spreads by exploiting the LSASS vulnerability.
First detected on: June 17, 2004
Detection updated on: June 24, 2004
Yes, using TruPrevent Technologies
Korgo.M is a worm that spreads via the Internet by exploiting the LSASS vulnerability on remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.
Korgo.M opens TCP port 3067 and listens on it, waiting for a file to be executed on the affected computer. In addition, it attempts to connect to several IRC servers.
Korgo.M only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm on any of these computers.
If you have a Windows XP/2000 computer, it is highly recommended that you download the security patch for the LSASS vulnerability from the Microsoft website.
Korgo.M is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
Although Korgo.M exploits the LSASS vulnerability, it does not restart the computer, so as not to give evidence of its presence on the affected computer. Restarting the computer is a typical characteristic of malware that exploits this vulnerability.
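Because the worm shows no visible symptoms, the TCP port 3067 listener described above is one of the few things an administrator can check for. The following is an added example, not part of the original entry or of any Panda tool: it parses English-language `netstat -ano` output, reports sockets listening on port 3067, and lists the outbound connections held by the same process. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
import re

KORGO_M_PORT = 3067  # TCP port this page says Korgo.M opens and listens on

# Constructed sample of English-language `netstat -ano` output; all addresses
# and PIDs are made up for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:1045      198.51.100.7:6667      ESTABLISHED     1432
  TCP    192.168.1.20:3067      203.0.113.5:80         ESTABLISHED     2200
  UDP    0.0.0.0:3067           *:*                                    900
"""

# TCP rows only: local addr:port, foreign addr:port, state, optional PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+([A-Z_0-9]+)(?:\s+(\d+))?\s*$")


def parse_tcp_rows(netstat_text):
    """Return (local_addr, local_port, foreign, state, pid) for each TCP row."""
    rows = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            addr, port, foreign, state, pid = m.groups()
            rows.append((addr, int(port), foreign, state, int(pid) if pid else None))
    return rows


def find_port_listeners(netstat_text, port=KORGO_M_PORT):
    """Return LISTENING sockets on `port`, each with its owner's outbound peers."""
    rows = parse_tcp_rows(netstat_text)
    findings = []
    for addr, lport, _foreign, state, pid in rows:
        # An outbound connection can also use 3067 as its local port, so the
        # port number alone is not enough: require the LISTENING state.
        if lport != port or state != "LISTENING":
            continue
        peers = [f for _, _, f, s, p in rows
                 if s == "ESTABLISHED" and pid is not None and p == pid]
        findings.append({"local": f"{addr}:{lport}", "pid": pid, "peers": peers})
    return findings


if __name__ == "__main__":
    for hit in find_port_listeners(SAMPLE):
        print(hit)
```

A hit is a lead to investigate rather than proof of infection, since other software can also listen on this port; the reported PID identifies the process to examine.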