Worm poses as Windows Genuine Advantage

Discussion in 'spyware news and general information' started by NICK ADSL UK, Jul 4, 2006.

Thread Status:
Not open for further replies.

    NICK ADSL UK Administrator

    May 13, 2003
    IT security experts have warned of a worm that purports to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool.

    WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.

    The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.

    Users who view the list of services are told that removing or stopping the service will result in 'system instability'.

    Once in place the worm disables the Windows firewall, and opens a backdoor to infected computers which allows hackers to gain remote access, spy on users, and potentially launch distributed denial-of-service attacks.

    "People may think they have been sent the file from one of their AOL IM buddies, but in fact the program has no friendly intentions," said Graham Cluley, senior technology consultant at Sophos.

    "Technical Windows users would not be surprised to see WGA in their list of services, and may not realise that the worm is using that name as a cloak to hide the fact that it has infected the PC.

    "If users heed the false warning about removing the program, and leave it running, they will present a backdoor to hackers that could allow them to gain control over the computer."

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.