From: joe at joesmith.homeip.net (joe smith)
Subject: New Worm Discovery - Potential Korgo Variant

Kaspersky detects it as Backdoor.Agobot.gen. So another one of the many other Agobot variants.

Michael Young wrote:

> Yesterday a large client of ours was taken down by what appears to be
> a Korgo variant, but I have been unable to locate any information on
> this worm. From what we have discovered, the main process is
> "VDisp.exe". It is spreading through unpatched systems vulnerable to
> the LSASS exploit, and propagates itself through a series of randomly
> chosen ports. The worm creates randomly generated services that
> initialize the process, and also creates a registry entry in
> RunServices and Run to load. I am anxious to hear any feedback anyone
> has regarding this issue as we are still attempting to reduce network
> traffic and alleviate any remaining issues. I have attached a copy of
> the executable (rename to .exe).
>
> Thank you,
>
> Michael Young
> IT Consultant
> Miles Technologies
> (800)-496-8001