Campus Vulnerability Scanner Updated to Identify Recent Infections
Bofra: This mass-mailing worm has several variants and is also referred to as W32.MyDoom.ah@MM and Win32.Bofra. An infected email message may refer to a PayPal account transaction or solicit a visit to a Web camera. The worm may attempt to connect an infected computer to an IRC network.
Korgo: This worm also has several variants and is also known as Padabot. The worm spreads by seeking and infecting vulnerable network computers. The worm may attempt to connect an infected computer to an IRC network.
The campus vulnerability scanners have been updated to identify these viruses via two mechanisms.
• The infection scan that occurs during Disauth Web authentication will direct the user of the infected computer to a reference page with links for removing the infection. The infection must be removed in order to successfully authenticate.
• The selfscan site (http://selfscan.ucdavis.edu) will direct the user of the infected computer to a warning page and links for removing the infection.
For further information about these two viruses, please see:
Bofra (aka W32/MyDoom.ah) References: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOFRA.A http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631
Bofra Automated Removal Tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra@mm.removal.tool.html
Korgo References: http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.a.html http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126115
Korgo Automated Removal Tool: http://vil.nai.com/vil/averttools.asp#stinger
If you have any questions regarding the vulnerability scanner updates, please contact security@ucdavis.edu.