Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a worm that disguises itself as Microsoft's anti-piracy program,
Windows Genuine Advantage (WGA).
The Cuebot-K
worm poses as the genuine Microsoft WGA program which was recently
the subject of controversy in the media, following allegations that
it has been spying on Windows users by collecting hardware and
software data from PCs. Microsoft has since issued a new version of
WGA and has published instructions for removing it altogether.
The Cuebot-K worm spreads via AOL instant messenger, registering
itself as a new system driver service called "wgavn", with a
display name of "Windows Genuine Advantage Validation
Notification", and automatically runs during system startup. Users
who view the list of services are told that removing or stopping
the service will result in system instability.
Once in place the worm disables the Windows firewall, and opens
a backdoor to infected computers which allows hackers to gain
remote access, spy on users, and potentially launch distributed
denial-of-service (DDoS) attacks.
The worm describes itself in the list of
services as 'Windows Genuine Advantage Validation
Notification'
"People may think they have been sent the file from one of their
AOL IM buddies, but in fact the program has no friendly intentions.
Technical Windows users wouldn't be surprised to see WGA in their
list of services, and so may not realise that the worm is using
that name as a cloak to hide the fact that it has infected the PC,"
said Graham
Cluley, senior technology consultant at Sophos. "Once in place
this malware disables the firewall and opens a backdoor by which
hackers can gain control over your computer to steal, spy, and
launch DDoS attacks."
Sophos has been protecting against the W32/Cuebot-K malware
since 20:55 GMT on 30 June 2006.
Sophos recommends that all computer users should ensure that
they are running an anti-malware product which is configured to
automatically update itself, security
patches and firewall
software.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.