Although Microsoft has issued a fix for the LSASS vulnerability in Windows, the appearance of three new Korgo worms has shown that not all systems have been patched.
Korgo has been available since the middle of last week with three versions: Korgo.a, Korgo.b, and Korgo.c, which scan systems that have not been patched. Korgo does not propagate by e-mail, and when it infects a system, it opens a backdoor, allowing an attacker to connect to a victim's computer.
According to Finnish security firm F-Secure, Korgo (also known as Padobot), selects IP addresses from many random computer systems to infect and attack with similar LSASS vulnerabilities. like the Sasser worm.
Korgo opens TCP ports: 113, 445, 2041, 3067, and 6667 to connect to IRC servers waiting to receive commands and receive incoming data. In case of successful exploitation, worms can allow hackers to completely control the victim's computer system.
Although Korgo's speed of delivery is not fast, security vendors still recommend users to quickly patch the LSASS vulnerability patch for Windows NT, 2000, XP, and Windows Server 2003 with the Windows Update feature or from the Microsoft website.
& nbsp;
