Due to an increase in submissions in the last 12 hours, Symantec Corp.'s Security Response has upgraded W32.Korgo.F from a Level 2 to a Level 3 threat.
"W32.Korgo.F includes backdoor functionality that could leave systems open to unauthorized access," says Alfred Huger, senior director, Symantec Security Response. "This backdoor functionality could result in a loss of confidential data, and may also compromise security settings. This threat is another strong example of why it is critical for computer users to be diligent in applying security patches, keeping virus definitions updated, and following best practices."
According to Symantec, W32.Korgo.F is a worm that attempts to propagate by exploiting the Microsoft LSASS Buffer Overrun Vulnerability, a Microsoft Windows vulnerability publicly announced on April 13. This blended threat, says the company, affects computer users on Windows 2000 and Windows XP.
Symantec says W32.Korgo.F will listen on TCP ports 113 and 3067 and could open back doors on those ports.
Threats to privacy and confidentiality, says the company, have been the fastest-growing threat in recent months, with the Symantec Internet Threat report released in March showing a 514 percent growth in volume of submissions within the top ten.
"The rising incidents of blended threats with the potential to open back doors demonstrate the importance of an integrated approach to security within the infrastructure," says Kevin Isaac, regional director, Middle East & Africa. "A firewall will block unusual port traffic by default, and, when combined with updated anti-virus and intrusion detection systems, offers top-level protection. If users are affected, there is a free removal tool, as well as manual removal instructions on http://www.securityresponse.symantec.com."
Symantec says it strongly advises users to apply the patch provided by Microsoft Corp. for the LSASS Buffer Overrun Vulnerability as soon as possible. In addition, Symantec recommends that users update their anti-virus definitions to prevent exploitation of this threat. It says that users should also check that their firewall is configured to block ports 113 and 3067.
More information and virus definitions are available at http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.f.html.