Internet security experts say the Korgo worm may be much more dangerous than first expected.
Korgo was at first dismissed as little more than another copy of the recent Sasser worm, but renewed analysis shows that the appearance of 12 variants in rapid succession could point to a "dangerous experiment" being conducted by Korgo's author, according to a virus alert from security firm PandaLabs, Glendale, Calif.
Like Sasser, Korgo exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability, first disclosed on April 13, 2004 in Microsoft Security Bulletin MS04-011. LSASS (Local Security Authority Subsystem Service) provides the interface for managing local security, domain authentication and Active Directory processes. Unpatched computers running Windows 2000 and Windows XP are at greatest risk of infection; applying the MS04-011 update closes the hole Korgo uses.
However, unlike Sasser, Korgo maintains a much lower profile in infected systems.
"These worms try to lay low when they infect computers and therefore users won't see telltale signs such as continuous restarts in infected computers. They can also, depending on the variant, delete certain files, open communication ports and try to connect to various IRC servers," a statement from PandaLabs explained.
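The behaviour PandaLabs describes, a quiet infection followed by outbound connections to IRC servers, is detectable from connection logs even when the host shows no symptoms. The script below is an added example, not PandaLabs code, and it makes two assumptions the article does not state: that LSASS is reached over SMB on TCP/445, so an inbound 445 connection is the candidate infection event, and that "various IRC servers" means outbound TCP to the conventional IRC port 6667. The log format and the log lines are constructed for the example.

```python
"""Flag hosts whose connection history matches the Korgo-style pattern:
an inbound hit on the LSASS/SMB port followed shortly by outbound IRC.

Added example, not PandaLabs code. Port numbers and the log format are
assumptions made for this example, not facts stated in the article.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LSASS_PORT = 445                 # assumption: SMB, the path to the LSASS flaw
IRC_PORT = 6667                  # assumption: conventional IRC port
WINDOW = timedelta(minutes=10)   # IRC traffic must start this soon after the 445 hit

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample log (not a real capture). 10.0.0.12 is hit on 445 and then
# talks to two IRC servers; 10.0.0.44 is hit on 445 but only makes HTTP traffic;
# 10.0.0.61 uses IRC without any preceding 445 connection.
SAMPLE_LOG = """\
2004-06-02T10:14:03 src=10.0.0.7:1043 dst=10.0.0.12:445 proto=tcp
2004-06-02T10:14:05 src=10.0.0.12:1054 dst=198.51.100.9:6667 proto=tcp
2004-06-02T10:14:09 src=10.0.0.12:1055 dst=203.0.113.21:6667 proto=tcp
2004-06-02T10:20:00 src=10.0.0.33:1200 dst=10.0.0.12:445 proto=tcp
2004-06-02T11:00:00 src=10.0.0.50:1300 dst=10.0.0.44:445 proto=tcp
2004-06-02T11:00:30 src=10.0.0.44:1301 dst=10.0.0.60:80 proto=tcp
2004-06-02T09:00:00 src=10.0.0.61:1400 dst=198.51.100.9:6667 proto=tcp
this line is garbage and must be skipped
"""


def parse_log(text):
    """Yield (timestamp, src, dst, dport) for each well-formed TCP line; skip junk."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["proto"] != "tcp":
            continue
        yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def find_korgo_candidates(text, window=WINDOW):
    """Return {host: {"first_inbound_445": iso_ts, "irc_servers": [...]}} for hosts
    that accepted a 445 connection and then connected to IRC within `window`."""
    inbound_445 = defaultdict(list)   # victim host -> [timestamps of 445 hits]
    outbound_irc = defaultdict(list)  # host -> [(timestamp, irc server)]
    for ts, src, dst, dport in parse_log(text):
        if dport == LSASS_PORT:
            inbound_445[dst].append(ts)
        elif dport == IRC_PORT:
            outbound_irc[src].append((ts, dst))

    hits = {}
    for host, irc_conns in outbound_irc.items():
        triggers, servers = [], set()
        for ts_irc, server in irc_conns:
            # Was this host hit on 445 at most `window` before the IRC connection?
            prior = [t for t in inbound_445.get(host, []) if t <= ts_irc <= t + window]
            if prior:
                triggers.append(min(prior))
                servers.add(server)
        if triggers:
            hits[host] = {
                "first_inbound_445": min(triggers).isoformat(),
                "irc_servers": sorted(servers),
            }
    return hits


if __name__ == "__main__":
    for host, info in find_korgo_candidates(SAMPLE_LOG).items():
        print(f"{host}: 445 hit at {info['first_inbound_445']}, "
              f"IRC to {', '.join(info['irc_servers'])}")
```

The time window is what keeps the rule useful: a host that merely uses IRC, or one that was probed on 445 but never called out, is not flagged, while a host that was probed and within minutes contacted several IRC servers is worth pulling for forensic review.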