6/2: Korgo-F Threat Level Heightened
June 2, 2004
Because of a flood of submissions in the past 12 hours, at least one anti-virus company has raised the threat level on Korgo-F.

. has upgraded W32/Korgo-F from a Level 2 to a Level 3 threat. Level 5 is the highest, and most dangerous, ranking. Symantec Security Response also has raised the DeepSight ThreatCon from a Level 1 to a Level 2 because of this.

Korgo-F is a worm that attempts to propagate by exploiting a Microsoft Windows vulnerability publicly announced on April 13, 2004. It's the Microsoft LSASS Buffer Overrun Vulnerability. This blended threat affects computer users on Windows 2000 and Windows XP. Korgo-F will listen on TCP ports 113 and 3067, and could potentially open backdoors on those ports.

''Korgo.F includes backdoor functionality that could leave systems open to unauthorized access,'' says Alfred Huger, senior director of Symantec Security Response in a written announcement. ''This backdoor functionality could result in a loss of confidential data and may also compromise security settings. This threat is another strong example of why it is critical for computer users to be diligent in applying security patches, keeping virus definitions updated, and following best practices.''

Symantec Security Response analysts strongly advise users to apply the patch provided by Microsoft for the LSASS Buffer Overrun Vulnerability as soon as possible. Users should also configure firewalls to block ports 113 and 3067.