Re: [Full-Disclosure] New Worm Discovery - Potential Korgo Variant
From: joe smith (joe joesmith.homeip.net)
Date: Thu Jun 24 2004 - 10:27:44 CDT
Kaspersky detects it as Backdoor.Agobot.gen. So another one of the many
other Agobot variants.
Michael Young wrote:
> Yesterday a large client of ours was taken down by what appears to be
> a Korgo variant, but I have been unable to locate any information on
> this worm. From what we have discovered, the main process is
> ‘VDisp.exe’. It is spreading through unpatched systems vulnerable to
> the LSASS exploit, and propagates itself through a series of randomly
> chosen ports. The worm creates randomly generated services that
> initialize the process, and also creates a registry entry in
> RunServices and Run to load. I am anxious to hear any feedback anyone
> has regarding this issue as we are still attempting to reduce network
> traffic and alleviate any remaining issues. I have attached a copy of
> the executable (rename to .exe).
>
> Thank you,
>
> Michael Young
> IT Consultant
> Miles Technologies
> (800)-496-8001
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html