Computer Crime Research Center

abstract/1949.jpg

Korgo is written by Russian hackers

Date: June 10, 2004
Source: Computer Crime Research Center
By: Timofey Saytarly

A new worm uses the same vulnerabilities as the Sasser worm that caused havoc last month. Although this Korgo virus is not wide spread yet, it forced security companies like Symantec, F-Secure to issue warnings as Korgo is obtaining personal financial information. Hence it has become dangerous to do shopping on the Net because Korgo records all keyboard keystrokes on your computer and saves them in a log file in the background. The virus just opens up a backdoor through which a hacker could enter and install a key-logger program undetected; however, Korgo itself does not contain such an application.

Korgo (aka Padobot) is a network worm allegedly written by the Russian Hangup Team virus group. It spreads throughout the Internet using a vulnerability in Microsoft Windows LSASS buffer overrun vulnerability. Korgo spreads via the Web, which means that it does not need to be launched by a user, as e-mail viruses do. There are a number of variants, and the virus is currently up to Korgo.E.

But because Korgo exploits the same vulnerability that Sasser did, it only affects those computer users and businesses that did not install a security patch during the Sasser threat.
For this reason, only a small number of users should be affected.

Read more about Russian viruses


Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-09-02 23:02:02 - Veri nice site! Benny
2004-06-21 13:07:28 - żDoes it have something to do with ICQ... bridget
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo