Existing members can use the sign in option below.
Bobsguide members enjoy:
The Korgo worm and all its variants exploit the vulnerability identified in Microsoft Security Bulletin MS04-011 on April 13, 2004. The worm targets the Microsoft Local Security Authority Subsystem Service (LSASS), which provides an interface for managing local security, domain authentication and active directory processes.
The worm spreads by scanning randomly selected IP addresses for vulnerable systems (through port 445) and on locating a vulnerable unpatched system. It then copies itself to the WINDOWS SYSTEM directory under a random name and adds a value to the registry run key, which allows the worm to propagate upon start-up of the computer.
The LSASS.exe process will crash after the worm exploits the Windows LSASS vulnerability. Windows will then display an alert and shut down the system.
The worm links to a remote access server that allows the attacker to control the infected system. The worm listens on TCP ports 113, 3067 and a random port and attempts to connect to a list of pre-defined IRC servers, to receive commands and transmit data to the attacker.
Owners of Finjan Software desktop solutions, SurfinShield Corporate and SurfinGuard Pro are proactively protected against the worm in real-time, without the need to download signature-file updates.
Using a behaviour-based technique known as "sandboxing," these products protect computer users from mobile malicious code received through the Internet, e-mail, peer-to-peer (P2P) applications, instant messengers and IRC communications. The technology examines mobile code, scripts, processes and various applications - including the Windows LSASS client (‘Lsass.exe’) - and blocks any malicious behaviour originating from the network.
"Finjan’s behaviour-based sandboxing technique was successful in blocking the Korgo worm from propagating during the initial hours of the outbreak, prior to the availability of signature-file updates from anti-virus vendors and will continue to protect owners of its software against future variants and similar future attacks," confirms Nick Sears, vice president, EMEA.
For more information please contact:
+44 (0) 1344 427127
Sarah Bramley/Laura Slade
+44 (0) 1252 727313
FundCount Wins Best Accounting Solution at Family Wealth Report AwardsMeets family office needs for a unified accounting, general ledger and reporting...View article
Path Solutions, a global provider of AAOIFI-certified software solutions and services for Islamic banks and financial institutions, today announc...View article