Welcome to the Virus Encyclopedia of Panda Security.
|Effects:||It connects to several web sites, to which it sends information and from which it downloads several files. It spreads by exploiting the LSASS vulnerability.|
|First detected on:||June 22, 2004|
|Detection updated on:||June 22, 2004|
|Yes, using TruPrevent Technologies|
Korgo.R is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.
Korgo.R connects to several web sites, to which it sends information on the country in which the affected computer is located. It also attempts to download files from these web sites.
Korgo.R only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm on any of these computers.
If you have a Windows XP/2000 computer, it is highly recommended that you download the security patch for the LSASS vulnerability from the Microsoft website.
Korgo.R is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
Although Korgo.R exploits the LSASS vulnerability, it does not restart the computer, which is a typical characteristic of malware that exploits this vulnerability. This avoids giving evidence of its presence on the affected computer.