Weekly report on viruses and intrusions - 05/30/04

by Marianna Schmudlach / May 30, 2004 3:06 AM PDT

Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 30 2004 - This week's report on viruses and intrusions will deal
with three worms: Bobax.D and the variants A and B of Korgo.

The D variant of the Bobax worm spreads via the Internet by exploiting the
security holes mentioned below in those computers that have not been
properly patched:

- RPC DCOM vulnerability, critical for Windows 2003/XP/2000/NT operating

- LSASS vulnerability. When it exploits the LSASS vulnerability, Bobax.D can
only affect and spread automatically to Windows XP/2000 computers that have
port 5000 open. However, computers with other Windows operating systems can
also be a source of transmission when a malicious user runs the file
containing the worm in any of these computers.

Bobax.D carries out the following actions: it restarts the affected
computers and opens several random ports through which a remote user can use
the affected computer as an SMTP mail server in order to send spam.

The other two worms in this report are Korgo.A and Korgo.B, which like
Bobax.D, spread via the Internet by exploiting the LSASS vulnerability.

These two worms open and listen on the TCP ports 113, 3067 and 2041. In
addition, both worms attempt to connect to different IRC servers through
port 6667 and they are designed to prevent the system from shutting down.
Korgo.A and Korgo.B are 10,240 bytes in size when compressed with UPX v1.24,
and 16,896 bytes in size once decompressed.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia at:
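
The port pattern the report gives for Korgo.A and Korgo.B, turned into a triage check over `netstat -an` output. This is an added example, not part of the original post or of Panda Software's report; the function names and the sample output are constructed, and the Windows `netstat -an` column layout is assumed.

```python
# Added example: triage of `netstat -an` output for the Korgo.A/B port pattern.
KORGO_LISTEN_PORTS = {113, 3067, 2041}   # TCP listening ports named in the report
IRC_PORT = 6667                          # outbound IRC port named in the report

# Constructed sample (Windows `netstat -an` layout); addresses are documentation ranges.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2041           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:6667      SYN_SENT
  TCP    192.0.2.10:1050        198.51.100.9:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def parse_tcp_rows(text):
    """Yield (local_port, remote_addr, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue  # header, UDP rows (no state column), blank lines
        local, remote, state = fields[1], fields[2], fields[3].upper()
        try:
            lport = int(local.rsplit(":", 1)[1])
            raddr, rport = remote.rsplit(":", 1)
            yield lport, raddr, int(rport), state
        except (IndexError, ValueError):
            continue  # malformed address column

def triage(text):
    """Summarise how much of the reported Korgo port pattern is present."""
    listening, irc_peers = set(), []
    for lport, raddr, rport, state in parse_tcp_rows(text):
        if state == "LISTENING":
            listening.add(lport)
        elif rport == IRC_PORT:
            irc_peers.append(raddr)  # any connection state, including SYN_SENT
    hits = sorted(listening & KORGO_LISTEN_PORTS)
    return {
        "listen_hits": hits,
        "all_three_listening": len(hits) == len(KORGO_LISTEN_PORTS),
        "irc_peers": irc_peers,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_NETSTAT))
```

Port 113 (ident) and port 6667 (IRC) both have legitimate uses, so a single hit is weak evidence; all three listeners together with an outbound IRC attempt is the combination worth escalating to a full antivirus scan.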
