Slashdot has brought a new virus to light called Korgo. Korgo is a variant of the sasser worm - it uses the same Windows vulnerability. This particular little rogue comes equipped with a nasty keylogger and can infiltrate a system directly via the Internet or LAN without the user even knowing it.

Visit Windows Update, make sure you have anti-virus software installed and make sure it's up-to-date and that is has the latest definitions, and of course make sure you have a firewall installed and that it is also up-to-date and turned on.

View: Removal Tool from Symantec (http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.f.removal.tool.html)
View: MS Security Bulletin + Patch (http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx)
View: Symantec Security Response (http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.f.html)

"W32.Korgo.F is a minor variant of W32.Korgo.E. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP port 445. It also listens on TCP ports 113, 3067, and other random ports."
Source: Slashdot (http://www.slashdot.org/)

http://www.short-media.com/forum/showthread.php?t=14820

http://www.short-media.com/forum/showthread.php?t=14820
Doh! Sorry. I'll leave this item up though, as the more exposure stuff like this gets the better.

Cheers