Skip to content

Channel Register

Windows Genuine Disadvantage malware sighted

3 Jul 2006 14:14

Topical malware tomfoolery

SlashdotDiggdel.icio.usReddit
® [Printer] [Mobile]

Perfidious virus pushers have created a worm that poses as Microsoft's anti-piracy program, Windows Genuine Advantage (WGA).

The Cuebot-K worm spreads via AOL instant messenger in the guise of WGA. The timing of the release of the malware coincides with controversy over a feature in WGA that meant that the anti-piracy program "phoned home" with hardware and software data from PCs every time Windows started up.

Cuebot-K attempts to register itself as a new system driver service called 'wgavn', with the display name 'Windows Genuine Advantage Validation Notification'. Thereafter it runs every time a computer starts up. Users who attempt to remove the malware are falsely informed that getting rid of the program will result in system instability.

Once installed on infected machines, Cuebot-K disables Windows firewall and opens a backdoor on compromised machines, surrendering their control to hackers.

More information on the malware can be found in an analysis by anti-virus firm Sophos here. ®

Track this type of story as a custom Atom/RSS feed or by email.
Previous Article Next Article
Whitepapers

Related Whitepapers