Windows Users Fear Korgo Virus
An anonymous reader writes "A new virus is on the prowl that can infect your Windows XP/2K system and record every key you hit on your keyboard. The keys are then sent back to the virus creator where he/she can steal your passwords and credit card information. The virus, named Korgo, started showing up in the last week of May but it now has at least six different variants. To protect yourself from this nasty virus, Microsoft is urging all users to download the KB835732 Security Update. As with the Sasser worm, you'll get the Korgo virus without even knowing it. It does not arrive by email, but simply by being connected to a network or to the Internet without having a patched machine or a properly configured firewall."
The company that I work at pushed the KB835732 patch out to a few thousand machines. It caused some incompatibility issue that caused Windows to blue screen with the error "Winsrv.dll missing or corrupt". It's been a blast removing the patch through the recovery console, especially walking remote users through it.
I read the post and immediately thought "oh gosh, here we go again" and went to MS windows update to update my workstation while I downloaded the patch. Then I realized that I'd already updated everyone here at the office back when the patch first came out.
Damn, I gotta rtfa *grin*
Seriously though, even though I check for new updates religiously and try to keep all the users on my network up to date, I guess I'm still a little gun-shy.
The Digital Sorceress
Nope. I have a questionable windows copy -- I won this computer in a legit contest STRAIGHT from Intel itself, and it didn't come with any documentation or keys. When I go to Windows Update, it refuses to work because it thinks I have a pirated key.
Needless to say, installing individual hotfixes like these is a PITA.
Sadly, that's not the bottom 5% of the userbase. In the last three months, I've had to fix six home user computers and one that was used to track the finances of a church. Four of the home computers had never had Windows Update run (and both of the other two had only been force-fed updates through manufacturer-installed support software), and the church computer was still vulnerable to the Blaster worm (thankfully the thing wasn't connected to the Internet).
Forgive my ignorance, but shouldn't the lightweight consumer-grade routers (Linksys and such) with NAT be effective as well at blocking this sort of thing?
Murphy was an optimist.
It comes with a firewall, but it's like that thing with Outlook where you can tell it "Don't let me download anything that might harm my computer" a handy function that protects you from ever downloading anything, or opening any attachment.
When you turn the firewall on, it blocks a ton of ports, which may or may not include ports it should block (telnet). Needless to say there isn't any way to configure which ports. It's all or nothing.
I've got it on, but god knows if it's doing any good, as it's behind 2 better firewalls.
Hmmm. Lol. Okay, I just portscanned myself, and despite my setting it to dump ALL non established incoming tcp/ip, it doesn't block a bunch of ports (below), including IIS and 445, though it does block SSH and telnet (then again, those services might not be available for my version of windows, so who the hell knows?)
In conclusion, it sucks, and it won't protect you from this virus.
7/tcp open echo
9/tcp open discard
13/tcp open daytime
17/tcp open qotd
19/tcp open chargen
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
5000/tcp open UPnP
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
"The keys are then sent back to the virus creator"
I've always wondered about this sort of thing... doesn't that make the creator pretty easy to catch?
"he drew his sword Ringil that glittered like ice... and he wounded Morgoth with seven wounds..."