The Korgo worm, which has been touring the world for the past few days, has been upgraded to a medium-risk threat thanks to an increase in the numbers of one of its variants, Korgo.F.
"W32.Korgo.F includes backdoor functionality that could leave systems open to unauthorised access," warned Alfred Huger, senior director of Symantec Security Response. "This backdoor functionality could result in a loss of confidential data, and may also compromise security settings. This threat is another strong example of why it is critical for computer users to be diligent in applying security patches, keeping virus definitions updated and following best practices."
Korgo.F exploits the LSASS buffer overrun vulnerability in Windows, publicly announced on 13 April, and affects Windows 2000 and Windows XP. It listens on ports 113 and 3067 and could open back doors on those ports.
"The rising incidents of blended threats with the potential to open back doors demonstrates the importance of an integrated approach to security within the infrastructure," says Kevin Isaac, Symantec's regional director of the Middle East, who went on to pitch his company's product.
Advice is to apply the patch from Microsoft as soon as possible, update anti-virus software and definitions, and block ports 113 and 3067.
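
As an added example (not part of the original article), the Python sketch below parses `netstat -an` output and flags listeners on the two ports named above, so an administrator can triage hosts before and after blocking them. It assumes Windows-style netstat columns and TCP listeners; the sample output and the function names are constructed for illustration.

```python
import re

# Ports the article says Korgo.F listens on.
KORGO_F_PORTS = {113, 3067}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1113      10.0.0.5:80            ESTABLISHED
  TCP    192.168.1.20:1042      10.0.0.9:3067          ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Only TCP rows in LISTENING state count; the port is taken from the local address.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.IGNORECASE)

def suspicious_listeners(netstat_text, ports=KORGO_F_PORTS):
    """Return sorted (address, port) pairs for TCP listeners on the watched ports."""
    hits = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2)) in ports:
            hits.add((m.group(1), int(m.group(2))))
    return sorted(hits, key=lambda h: (h[1], h[0]))

def assess(netstat_text):
    """Classify a host by how many of the watched ports have a listener."""
    found = {port for _, port in suspicious_listeners(netstat_text)}
    if found == KORGO_F_PORTS:
        return "both-ports-listening"
    if found:
        return "partial-match"
    return "clean"

if __name__ == "__main__":
    for addr, port in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"listener on {addr}:{port}")
    print(assess(SAMPLE_NETSTAT))
```

Port 113 is also the standard ident port, so a listener there on its own is a lead to investigate rather than confirmation of infection.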