Slashdot Mirror


Windows Users Fear Korgo Virus

An anonymous reader writes "A new virus is on the prowl that can infect your Windows XP/2K system and record every key you hit on your keyboard. The keys are then sent back to the virus creator where he/she can steal your passwords and credit card information. The virus named, Korgo, started showing up in the last week of May but it now has at least six different variants. To protect yourself from this nasty virus, Microsoft is urging all users to download the KB835732 Security Update. As with the Sasser worm, you'll get the Korgo virus without even knowing it. It does not arrive by email, but simply by being connected to a network or to the Internet without having a patched machine or a properly configured firewall."

21 of 533 comments (clear)

  1. You know... by Anonymous Coward · · Score: 4, Insightful

    I wish that, just once, a lot of people will get ripped off. The credit card companies will cover any losses (they have to by law), and people will actually realise that yes, keeping up to date with patches is a good idea.

  2. Why is this .gt. 1 month old update news? by Flexagon · · Score: 3, Insightful

    Though the listed viruses may be new, the actual update was released over a month ago and those of us here should already know better. This is the kind of "timely" information I get from Comcast support.

  3. Re:KB835732 by Bender+Unit+22 · · Score: 4, Insightful

    Yes and then people fail to understand why it takes some time to patch up all machines.
    At work we do the releases in steps, first the IT dept, then the superusers. And then we take the rest in steps to prevent too much trouble.
    But it just not install the patch on 2000 machines as soon it comes out.

  4. Re:Darwinism by Amiga+Lover · · Score: 3, Insightful

    This is hardly the bottom 5% of the internet. Most regular Joe Users that I've talked to don't even realize they have to update their machines. So there are probably a lot of people that don't even have the Blaster patch...

    How can people NOT know. God, they click "yes" on enough spyware/malware/whatever email crap, but when windows update comes up to tell them there's a new patch for a bad virus, they're clicking no?

    Are people really this daft?

  5. Not surprising. by AbyssLeaper · · Score: 5, Insightful

    Let's not forget that most users (which wouldn't be reading /.) don't have any idea about this stuff. This confuse virus scanners with firewall, and think patching is something you do with clothes. So no, they don't really deserve it.

    Like it or not, they want their PC to work like their television. As much as you or I don't like it, they are the people that are keeping Windows suppport folks employed.

    I can't say how many times I've helped with someone's machine, and they've had multiple virus infections, spyware and general crap on their machine because they don't know any better. It's a fact of life that Microsoft is going to have to own up to if they want to stay on top. They raised the beast, now they need to teach it the rules.

    --
    It's 11PM, do you know where your pants are?
    1. Re:Not surprising. by Joe+Tie. · · Score: 3, Insightful

      If say Linux/OSX was the #1 Joe Consumer OS then it would have virus like this.

      OK, would you tell me how an operating system that's not giving the user write priviliages to anything other than their home directory would have the same amount of viruses as one where by default the user has write privliages to everything composing the operating system?

      --
      Everything will be taken away from you.
    2. Re:Not surprising. by tdemark · · Score: 5, Insightful
      If say Linux/OSX was the #1 Joe Consumer OS then it would have virus like this.

      Ummm.... no.

      The output of 'netstat' on a default Mac OS X box:
      tcp4 0 0 127.0.0.1.631 *.* LISTEN
      tcp4 0 0 127.0.0.1.1033 *.* LISTEN
      G'head. Try to remote exploit.

      - Tony
  6. Re:Hmmm.... by bigrat · · Score: 5, Insightful
    I work at the tech bench at Best Buy part-time.


    Despite the default config of 2k/XP to inform you that updates are available, we've been fixing hundreds of machines infected with Sasser, and even Blaster. Users simply ignore the update warning, or outright refuse to run it. One user mentioned "Why would I need to run that?"


    Even Microsoft can't prevent ignorance.

  7. Re:Another? by goldspider · · Score: 3, Insightful
    "You would think after the last 150 they would learn to secure their systems."

    The patch is six weeks old. At what point does it cease to be Microsoft's problem and become the PC owner's?

    It is not Microsoft's responsibility to make sure you have installed the latest patches and are exercising proper precautions.

    --
    "Ask not what your country can do for you." --John F. Kennedy
  8. Re:Older versions by Fig,+formerly+A.C. · · Score: 3, Insightful
    98 isn't vulnerable to this (or most or the other nasties from the past year), so why would you need support for it?

    Security through obscurity!!!.... Or at least old age...

    --
    Murphy was an optimist.
  9. Re:Details: by It'sYerMam · · Score: 5, Insightful
    445: microsoft-ds
    113: auth
    3067: unknown

    The first two, at least, are service ports (Why else would something exploit them) So the question is really, "why are they open by default?"

    I expect this will be fixed in XP SP2.

    The next time I boot into windows, I reckon I'm gonna be destroyed... I haven't updated in ages, so anything that zonealarm misses is heading straight for me.

    --
    im in ur .sig, writin ur memes.
  10. So you do all routine maintenance right? by Scott+Richter · · Score: 5, Insightful
    I wish that, just once, a lot of people will get ripped off. The credit card companies will cover any losses (they have to by law), and people will actually realise that yes, keeping up to date with patches is a good idea.

    It's easy for us to say that, we're computer users who (presumably) know what we're doing. But if one is to condemn non-patchers in that way - I assume you also change your oil every 3000 miles, go to the dentist every 6 months, floss daily, get an annual physical, clean the lint filter in your dryer after every load, eat 6 daily servings of vegetables, rotate your tires every 20,000 miles, have all your car's factory recalls done, change the air filters in your heater monthly, and perform all the other mindless routine maintenance you're supposed to do.

    The bottom line is, no one on earth outside the most anal retentive person alive does all that stuff. Not doing any of them could have consequences, but people simply don't have time to do all this shit.

    So yes, I do blame microsoft. One shouldn't have to constantly check symantec's web page just to keep your computer usable. Computers are appliances now. They should just work, dammit.

    1. Re:So you do all routine maintenance right? by skifreak87 · · Score: 3, Insightful

      Both of my parents have close to know idea how a computer works. They're computer got the sasser worm or some variant that kept restarting before they could do anything (solution, have a bootable disc to use so as not to boot off the hard-drive). What they didn't understand is that they CAN get viruses/worms by just being on the internet. Next thing, why wasn't their XP up to date, they thought it would cost money to get the updates so they never did (since they couldn't tell windows update notices apart from the mcaffee security center update notices - which do cost money once your subscription runs out) and never thought they could get viruses/worms except through email.

      Both my parents are quite intelligent and can work a computer for what they need (word processor/quicken/email/browser) fairly competently. The problem, IMHO, is that computer users view a computer as any other appliance, it should just work, and think if they follow some common-sense (such as not opening strange attachments) they wont have problems. People don't understand why it's important to patch a computer or even how to do it, so they don't.

  11. Re:Another? by gl4ss · · Score: 3, Insightful

    on 99% of users there's no reason for the ports to be open and having services on them ripe for exploitation.

    actually, if they advertise it as idiot proof and secure(even for idiots) it kind of becomes their problem.

    --
    world was created 5 seconds before this post as it is.
  12. Re:Sent back to creator? by Mad+Bad+Rabbit · · Score: 3, Insightful

    OK, since that channel is gonna get flooded anyway, use
    modified backend code from the virus to flood the channel
    with junk data.

    Or better yet, spike it with legitimate-looking data that
    will help catch the originator (root passwords for honeypit
    machines, special "arrest this customer" CC numbers, etc.)

    --
    >;k
  13. The part of the story Slashdot didn't report by Overly+Critical+Guy · · Score: 5, Insightful

    What a surprise it wasn't mentioned that this was patched months ago, right?

    This vulnerability is the LSASS Buffer Overrun Vulnerability, already patched way back on April 13. Slashdot probably had at least two or three articles on it back then as well if you wanna do a search for "sasser."

    If you haven't patched after two months, you're just the same as all those people who got hit with Blaster, which was also already patched beforehand. Linux distros issue security patches for their vulnerabilities weekly and nobody complains, but when Microsoft releases a patch, suddenly it's this huge issue to run a tiny executable that plugs security flaws, and then people bitch at Windows two months later when a virus comes out to exploit it...

    Just saying. How can one criticize their security if they won't apply their security patches? Almost all major software is gonna require a patch eventually. I don't get this steadfast need to avoid patching Windows boxes while freely recompiling Linux kernels on a whim for production servers when a minor point release comes out.

    --
    "Sufferin' succotash."
    1. Re:The part of the story Slashdot didn't report by foidulus · · Score: 5, Insightful

      Certain places can't just go and blindly patch. If you are running anything critical, you have to throroughly test the patch befor you apply it. If the patch brings down your application/business, then it might not be much worse than a virus. I don't know about Linux, but Microsoft has released some bad patches in the past(that would slow certain functions down to a crawl).
      For someone sitting at their pc, the risk of a patch is low, but some people cannot afford to risk their systems on haphazard patching.

  14. Re:updating by RTMFD · · Score: 3, Insightful

    Damn, so if I go rip off my neighbor's Pontiac should I be pissed off when the steering column catches on fire because I couldn't take it back to the dealer during the recall? This issue looks like a common sense to me.

    Committing theft takes away your right to be upset about such things, IMHO.

  15. Re:Issued two months ago--why was that not mention by 0racle · · Score: 4, Insightful

    Good of you to propagate this idea, except it doesn't hold water. May I draw your attention to the Apache web server vs. IIS.

    Windows is indeed a larger target, but the fact that Windows gets hit more often is its the easier of the two, virus writers are just like the rest of us, lazy. These flaws in Linux differ from those in Windows in that its so much easer to exploit the Windows ones.

    Windows has a larger attack area, but whomever is the first to successfully attack and damage Linux in the same way is going to go down in history, whereas who cares about who writes these, there's no skill involved.

    --
    "I use a Mac because I'm just better than you are."
  16. Re:Details: , Issued: April 13, 2004 by lseltzer · · Score: 3, Insightful

    >>the 011 patch also killed about 5% of the machines it was installed on before the May 4 update

    Where'd you get that number

  17. Re:Issued two months ago--why was that not mention by 0racle · · Score: 3, Insightful

    Solid numbers, unfortunately no, but we can draw some conclusions. That harbinger of doom Netcraft, in the May 2004 internet survey has 33,892,817 sites running Apache, 67% of surveyed sites, with IIS at 10,858,168, or 21%. If we assume that the Apache sites are nicely split between Apache 1 and 2, thats still 33.5% for each putting both ahead of IIS, which also assumes that there is only one version of IIS deployed, which would be incorrect since 2k has IIS 5 and 2003 IIS 6. Now from what I've heard, Apache 2 is probably deployed less then 1, but either way you slice it, Apache has more sites then any single version of IIS.

    Now while an exploit that runs on Sparc wont run on MIPS or x86, the flaw itself is there, and thanks to cross compilers, it wouldn't be much of a problem to recompile a tool to take advantage of any problem.

    --
    "I use a Mac because I'm just better than you are."