W32.Korgo may have a bigger appetite for destruction than first thought. When it first came on the scene last month, the worm was largely dismissed as just another Sasser replica that posed little threat to machines patched against the LSASS buffer-overflow vulnerability in Windows XP and 2000. Now that 12 variants of Korgo have appeared in quick succession, antivirus experts worry its maker is fine-tuning the code and using the LSASS flaw as a test bed for a more damaging assault in the future. “My concern is the malicious code writers behind Korgo are getting more and more experience with this,” said Patrick Hinojosa, chief technology officer for Panda Software of Glendale, Calif., which has posted a new Korgo warning on its Web site. “They’re testing payloads until they find a way to switch their attack vector. If a new vulnerability similar to LSASS appears, they’ll be able to launch a quick, extensive attack.”