Welcome to the Virus Encyclopedia of Panda Security.
It opens several ports and connects to IRC servers from which it can download files and execute them. It spreads by exploiting the LSASS vulnerability.
|First detected on:||July 5, 2004|
|Detection updated on:||July 5, 2004|
Korgo.X is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.
Korgo.X attempts to connect to several IRC servers, from which it can download files and then executed them in the affected computer.
Korgo.X only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.
If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.
Korgo.X is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
Although Korgo.X exploits the LSASS vulnerability, it does not restart the computer, a typical characteristic of those malware exploiting the already mentioned vulnerability, in order not to give evidence of its presence in the affected computer.