Security news
Security news24 June 2004
Are you protected against the Korgo worm? asks Sophos
Weeks after Sophos first advised users how to protect against the Korgo worm, reports are still coming in of companies being infected by other members of the Korgo virus family.
Over 20 different versions of the Korgo worm have been discovered by anti-virus experts in the last three weeks, with some of them problems for unprotected businesses.
The Korgo family of worms distribute themselves in a similar way to the infamous and widespread Sasser worm, by exploiting a critical security hole in Microsoft's software. The security hole, known as the LSASS vulnerability, was first reported by Microsoft on 13 April in Microsoft Security Bulletin MS04-011.
"It's extraordinary that new versions of the Korgo worm could continue to cause problems as they all exploit the same Microsoft security vulnerability as the hard-hitting Sasser worm," said Graham Cluley, senior technology consultant at Sophos. "It's obvious that many businesses and home users have still not applied the patch from Microsoft, even though it was made available over two months ago. Anyone taking security seriously should have put the Microsoft patch in place and ensured their firewalls are in order."
Customers using Enterprise Manager or the Sophos Anti-Virus Small Business Edition were automatically protected against the Korgo worms at their next scheduled update. However, Sophos recommends users who haven't already done so apply the security patch from Microsoft. Home users are advised to visit windowsupdate.microsoft.com.
Sophos suggests computer users sign up for email notification of new virus threats and add a live virus information feed to their websites.
