The author of the Korgo family of worms seems to be carrying out experiments with new variants aimed at catching users off guard, leading one anti-virus vendor to raise the Threat Level and warn of a ‘serious epidemic’. “We have not been able to determine the goal of this worm’s creator,” says Luis Corrons, head of PandaLabs, an arm of Panda Software, a Glendale, Calif.-based virus and intrusion prevention company. “The amount of work being put into the development of the Korgo variants would suggest that this is more than just someone having a bit of fun. This is also far from the typical virus strategy of simply getting as many variants in circulation as quickly as possible to infect as many computers as possible, as they have taken the trouble to make their creations delete their own predecessors.” The Korgo family is made up of network worms that propagate using the LSASS exploit. According to Panda Software analysts, these worms try to lie low when they infect computers, so users don’t see tell-tale signs, such as continuous restarts, on infected computers. Depending on the variant, they can also delete certain files, open communication ports and try to connect to various IRC servers.