
Sasser-like Korgo likes LSASS

p2pnet.net News:- Korgo, a network worm written by Russia’s Hangup Team that, like Sasser, spreads through a Microsoft Windows LSASS vulnerability, is now on the loose.

According to The Australian here, Korgo is targeting German bank accounts and credit cards.


“The Federal Office for Security in Information Technology (BSI) in the western city of Bonn said the new Korgo virus exploited security loopholes in the Microsoft operating system Windows,” says the story, quoting Thomas Baumgaertner, a Microsoft spokesman in Germany, as saying:

“We are working on the assumption that only a small group of users has been affected because most people acted to protect themselves after Sasser.”

The threat posed by phishing "has ratcheted up a notch with the Korgo worm, which auto-infects unpatched Windows systems with a keylogging trojan, steals online banking information, and secretly transmits data back to the fraudsters," says Netcraft here.

"The worm represents an alarming advance in phishing, as it forgoes the need to trick the end user into divulging details. Phishing trojans that monitor keystrokes are not new, but to date have required some form of response to an e-mail ‘bait’."

F-Secure says here that on launch, Korgo (written in C++, about 10kb and packed using UPX) copies itself to the Windows system directory under a random name and registers this file in the system registry auto-run key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinUpdate = %system%\name of file

It also creates a registry key:

[HKLM\SOFTWARE\Microsoft\Wireless]
Server = 1

Korgo creates the mutexes “10”, “u2” and “uterm5” to flag its presence in the system and selects the IP addresses of random machines to infect and attack, similar to other worms which exploit the same LSASS vulnerability, states F-Secure, adding:

“Once infected, a victim machine will display an error message that the LSASS service has failed. After this error message has been displayed, the computer may reboot.

“The worm opens TCP ports 113, 3067 and 2041 to receive commands.

“It attempts to connect to several IRC servers to receive commands and transmit data.”
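A host check for the registry and port indicators listed above, as an added example that is not code from p2pnet, F-Secure or Netcraft. It assumes captured text output from `reg query` and `netstat -an`; the sample captures, including the file name `qzkfpwra.exe`, are constructed, and the mutexes are not checked.

```python
import re

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
WIRELESS_KEY = r"hkey_local_machine\software\microsoft\wireless"
KORGO_PORTS = {113, 3067, 2041}  # command ports from the F-Secure description
# Constructed sample captures (assumed `reg query` and `netstat -an` layouts).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    WinUpdate    REG_SZ    C:\WINDOWS\system32\qzkfpwra.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wireless
    Server    REG_SZ    1
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:113       0.0.0.0:0       LISTENING
  TCP    0.0.0.0:3067      0.0.0.0:0       LISTENING
  TCP    10.0.0.5:1042     10.0.0.9:445    ESTABLISHED
"""

def parse_reg_query(text):
    """Return {key path (lowercase): {value name (lowercase): data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.strip() and not line[0].isspace():    # unindented: key path
            current = keys.setdefault(line.strip().lower(), {})
        elif line.strip() and current is not None:    # indented: name, type, data
            parts = re.split(r"\s{2,}|\t", line.strip(), maxsplit=2)
            if len(parts) == 3:
                current[parts[0].lower()] = parts[2]
    return keys

def listening_tcp_ports(text):
    """Return the local TCP ports that are in the LISTENING state."""
    ports = set()
    for f in map(str.split, text.splitlines()):
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))
    return ports

def korgo_findings(reg_text, netstat_text):
    """List which indicators from the article appear in the captures."""
    keys, found = parse_reg_query(reg_text), []
    autorun = keys.get(RUN_KEY, {}).get("winupdate", "")
    if re.search(r"\\system(32)?\\[^\\]+$", autorun, re.I):  # file in system dir
        found.append("Run\\WinUpdate -> " + autorun)
    if keys.get(WIRELESS_KEY, {}).get("server") in ("1", "0x1"):
        found.append("Wireless\\Server = 1")
    hits = sorted(KORGO_PORTS & listening_tcp_ports(netstat_text))
    if hits:
        found.append("listening TCP " + ",".join(map(str, hits)))
    return found
```

TCP 113 is also the standard ident port, so a port match alone is weak evidence; the two registry values together are the stronger signal.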

=================

Revised at 7:30 Pacific.
