Anti-virus companies have upgraded their threat ratings of the new Korgo worm, which spreads through an Explorer vulnerability announced on 13 April this year.
Symantec Security Response says that, due to an increase in submissions in the last 12 hours, it has upgraded W32.Korgo.F from a Level 2 to a Level 3 threat, while F-Secure has issued a Radar Level 2 Alert over several Korgo variants.
F-Secure says in a statement that several new Korgo (Padobot) variants are spreading. "All of them are network worms that exploit the LSASS vulnerability. They listen on different TCP ports allowing unauthorized access," the company says.
"W32.Korgo.F includes backdoor functionality that could leave systems open to unauthorized access," said Alfred Huger, senior director, Symantec Security Response.
"This backdoor functionality could result in a loss of confidential data and may also compromise security settings. This threat is another strong example of why it is critical for computer users to be diligent in applying security patches, keeping virus definitions updated, and following best practices."
Symantec says threats to privacy and confidentiality have been the fastest growing threat in recent months, with this year's Symantec Internet Threat report showing a 514% growth in volume of submissions within the top ten.
"The rising incidents of blended threats with the potential to open backdoors demonstrates the importance of an integrated approach to security within the infrastructure," commented Kevin Isaac, regional director, Middle East and Africa.
Symantec Security Response advises users to apply the patch provided by Microsoft for the LSASS Buffer Overrun Vulnerability as soon as possible. In addition, Symantec recommends that users update their anti-virus definitions to prevent exploitation of this threat. Users should also check that their firewall is configured to block ports 113 and 3067, Symantec says.

