It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
This Korgo (aka Padobot) variant was found in the very end of May, 2004. It is very similar to other Korgo variants. It spreads throughout the Internet using a vulnerability in Microsoft Windows LSASS. A description of the vulnerability can be found in Microsoft Security Bulletin MS04-011
Plexus is an Internet worm spreading in three ways simultaneously: as an email attachment, via file-sharing networks and using the LSASS and RPC DCOM vulnerabilites in MS Windows like Sasser and Lovesan respectively. In addition, Plexus carries a potentially dangerous payload. Plexus contains rewritten code from Mydoom. It is written in MS Visual C++ and compressed with FSG: 16208 bytes and 57856 bytes. The main texts are encrypted.
Alan McCaig of www.b0f.net reported two local denial of service vulnerabilities in the following models of Linksys routers:
Linksys BEFSR81 v2/v3
Linksys BEFW11S4 v3
Linksys BEFW11S4 v4
The threat posed by these vulnerabilities is mitigated somewhat, as they are apparently only exploitable from the LAN side of the router. However, they will leave the device in a deadlocked state requiring a reset to factory defaults to return to working order. If the user has made significant modifications beyond these defaults this would likely be the source of much chagrin.
Currently, the only fix is to not randomly click on untrusted links.