Security researchers have identified a worm virus masked to appear as Microsoft's Windows Genuine Advantage anti-piracy program, while end users have filed a second lawsuit against the software giant's use of the actual program.
Workers at anti-virus specialist Sophos were among the first to unearth the worm disguising itself as WGA. Dubbed by the firm as Cuebot-K, the virus is spreading over AOL's popular instant messaging network posing as Microsoft's controversial anti-piracy software.
ADVERTISEMENT Sophos said Cuebot-K is registering itself on infected PCs as a new system driver service named "wgavn" that also bears the public display name of "Windows Genuine Advantage Validation Notification." The virus automatically runs during system startup, and users who view the list of services offered by the threat are informed that removing or stopping the service will result in system instability.
Researchers indicated that once in place, Cuebot-K disables the Windows OS firewall and opens a backdoor to infected computers, which could potentially allow hackers to gain remote access of a machine to spy on users or launch DDOS (distributed denial-of-service) attacks.
Adding to the threat is widespread controversy over WGA that has forced Microsoft to offer an updated version of the program, a previous iteration of which some people have labeled as having spywarelike capabilities. End users looking for that update could unknowingly expose themselves to Cuebot-K, experts said.
sa: http://www.pcmag.com/article2/0,1895,1985060,00.asp