Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Fake MS WGA seeds malware

Fake MS WGA seeds malware

by Ivana Strahija on July 3rd, 2006 AOL LLC instant messenger program is once again the media of choice for malicious attackers to spread their viruses.


Security researchers warned recently of a malicious program, pretending to be Microsoft Windows Genuine Advantage tool, which is spreading through AOL instant messenger system.

Sophos named the worm W32.Cuebot-K, and it seems that the newest from Cuebot family is intended to bring much havoc. Immediately after installation, W32.Cuebot-K connects to twpo websites, where it downloads additional malware. Furthermore it shuts down Windows firewall, disables various programs and can perform DDoS attacks.

Sophos warns that this worm comes directly as a file "wgavn.exe" to infected users buddy lists, with no additional message.

But the interesting thing about this virus is that it registers itself as a new system device driver service named wgavn (HKLMSYSTEMCurrentControlSetServiceswgavn), presented in the services list as "Windows Genuine Advantage Validation Notification", according to Sophos.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »