|
Family: Backdoors --> Category: infos
Korgo worm detection Vulnerability Scan
Vulnerability Scan Summary Korgo worm detection
Detailed Explanation for this Vulnerability Test
The remote host is probably infected with Korgo worm.
It propagates by exploiting the LSASS vulnerability on TCP port 445
(as described in Microsoft Security Bulletin MS04-011)
and opens a backdoor on TCP ports 113 and 3067.
See also :
http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.c.html
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Solution:
- Disable access to port 445 by using a firewall
- Apply Microsoft MS04-011 patch.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|