Korgo, a new virus that can infect Windows 2000 and XP systems simply by connecting them to the internet, continued to spread worldwide on Friday, installing a tiny spy that can record what keys were pressed at secret moments such as typing passwords.
Korgo first showed up on May 22 and is now circulating in at least six versions. The antidote is a free programme code-named ”KB835732” from the Microsoft website, but analysts said the spread of Korgo suggests millions of PC users have not yet taken the medicine.
Christoph Fischer, a German expert on viruses, said there was no sign yet that Korgo was leading to an upsurge in internet traffic.
The worm exploits the same flaw in Windows as Sasser, the world’s biggest virus since late April. Neither worm affects Windows 98 or other operating systems. Anti-virus companies raised their threat assessment of Korgo after finding it had become widespread.
”After all the fuss about Sasser, a computer user ought to be quite embarrassed at having still left the security hole open,” said Fischer. Microsoft released the patch on April 13.
A German teenager, Sven Jaschan, has admitted writing Sasser, claiming it was an antibody to kill off nastier viruses on the loose. F-Secure, a Finnish virus-hunting company, has suggested Korgo may be the work of a Russian hacker group dubbed the ”Hangup Team”.
The effective versions of Korgo arrive unawares, without needing an e-mail as their carrier. The computer user does not realise he is being monitored by the keystroke logger.
PC Professionell, a German magazine that suggested on Thursday that Korgo aggressively harvests passwords, downgraded its warning on Friday.
Journalist Thomas Kreitschmann said the Korgo hacker would need to do a lot of analytic work to distinguish the keystrokes of passwords or credit cards from other things typed into the computer. Korgo cannot find and decode the passwords stored on the hard drive.
The number of new viruses released on the internet in May hit a two-and-a-half-year high last month, anti-virus vendor Sophos said.
Sophos found a total of 959 new viruses on the internet in May, the highest number since December 2001. It says its products protect against 90 811 different viruses. The ”top 10” for May were headed by Sasser. — Sapa-DPA