Kaspersky detect it as Backdoor.Agobot.gen. So another one of the many
other Agobot variants.
Michael Young wrote:
Yesterday a large client of ours was taken down by what appears to be
a Korgo variant, but I have been unable to locate any information on
this worm. From what we have discovered, the main process is
âVDisp.exeâ. It is spreading through unpatched systems vulnerable to
the LSASS exploit, and propagates itself through a serious of randomly
chosen ports. The worm creates randomly generated services that
initialize the process, and also creates a registry entry in
RunServices and Run to load. I am anxious to hear any feedback anyone
has regarding this issue as we are still attempting to reduce network
traffic and alleviate any remaining issues. I have attached a copy of
the executable (rename to .exe).
Thank you,
Michael Young
IT Consultant
Miles Technologies
(800)-496-8001
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
