Microsoft Windows Worm Steals Credit Card Info

Discussion in 'Computer Support' started by TechNews, Jun 4, 2004.

  1. TechNews

    TechNews Guest

    New PC Worm Steals Data
    anon June 4, 2004 LONDON

    Microsoft Windows users are being warned about a virus that is
    "aggressively stealing" credit card numbers and passwords, the BBC
    reports on its Web site Friday.

    The Korgo virus debuted on May 22 and since then has been steadily
    racking up victims.

    Although the virus is not widespread, security firms are issuing
    warnings because it is proving so effective at stealing confidential data.

    Those infected by Korgo are being urged to change passwords and credit
    cards if they have been used online recently.


    The key logger steals password and credit card information and sends it
    back to its creators, thought to be a virus writing group called the
    Hangup Team.


    "Change your passwords and cancel your credit cards. Especially the ones
    you've used during last week," wrote the antivirus researchers. "This is
    not a joke."
    TechNews, Jun 4, 2004

  2. TechNews

    Craven Guest

    Ok, the situation with Korgo is a bit confusing, let me try to explain
    what's going on.

    - Most variants of Korgo are spreading worldwide. The numbers are not big
    when compared to outbreaks like Sasser, but it's definitely out there.

    - Korgo does include a backdoor

    - But Korgo does not include a keylogger, nor any code to steal banking info

    - It seems that the Hangup Team (virus group behind the worm) is actively
    installing a backdoor with password stealing capabilities known as Padodor
    to the infected computers. This is done via the backdoor left by Korgo.

    - Padodor collects anything typed into any web forms, and specifically logs
    bank logins for users of some international banks

    This gets pretty confusing, as "Padobot" (not Padodor) is one of the aliases
    of the Korgo worm.

    So, not all machines infected by Korgo have the Padodor backdoor, and the
    Padodor backdoor can be found on machines which are not infected by Korgo.
    But they are both written by the same virus group.


    Bird sightings based around 'Craven' Skipton, North Yorks.

    Craven, Jun 4, 2004
