MS04-011: Korgo Internet Worm Family
This new MS04-011 LSASS based "Blaster-like" worm will only impact unpatched systems, and should not pose a significant corporate risk. MS04-011: Korgo Internet Worm Family
(4 variants so far) http://secunia.com/virus_information/9611/korgo.a/ http://secunia.com/virus_information/9615/korgo.b/ http://secunia.com/virus_information/9721/korgo-c/ http://secunia.com/virus_information/9744/korgo.d/
W32.Korgo is a worm that attempts to exploit Microsoft LSASS Windows vulnerability, described in Microsoft Security Bulletin MS04-011. The worm also listens on TCP ports 113, 2041, and 3067, and allows unauthorized access to the infected computer."
Key TCP Ports to block for unpatched systems: 113, 2041, 3067, 6667, 445