MS04-011: Korgo Internet Worm Family
This new MS04-011 LSASS based "Blaster-like" worm will only impact unpatched systems, and should not pose a significant corporate risk. MS04-011: Korgo Internet Worm Family (4 variants so far)
http://secunia.com/virus_information/9611/korgo.a/ http://secunia.com/virus_information/9615/korgo.b/ http://secunia.com/virus_information/9721/korgo-c/ http://secunia.com/virus_information/9744/korgo.d/ W32.Korgo is a worm that attempts to exploit Microsoft LSASS Windows vulnerability, described in Microsoft Security Bulletin MS04-011. The worm also listens on TCP ports 113, 2041, and 3067, and allows unauthorized access to the infected computer."
Key TCP Ports to block for unpatched systems:
113, 2041, 3067, 6667, 445