Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows Genuine Advantage worm!

Status
Not open for further replies.
trojanman

trojanman

IS-IT--Management
Jun 14, 2006
280
0
0
US

Cuebot-K IM worm turns on unwary Microsoft users

Robert Jaques, vnunet.com 04 Jul 2006

ADVERTISEMENTIT security experts have warned of a worm that purports to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool.

WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.

The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.

Users who view the list of services are told that removing or stopping the service will result in 'system instability'.

Once in place the worm disables the Windows firewall, and opens a backdoor to infected computers which allows hackers to gain remote access, spy on users, and potentially launch distributed denial-of-service attacks.

"People may think they have been sent the file from one of their AOL IM buddies, but in fact the program has no friendly intentions," said Graham Cluley, senior technology consultant at Sophos.

"Technical Windows users would not be surprised to see WGA in their list of services, and may not realise that the worm is using that name as a cloak to hide the fact that it has infected the PC.

"If users heed the false warning about removing the program, and leave it running, they will present a backdoor to hackers that could allow them to gain control over the computer."
Click to expand...
 
Microsoft won't send personal information in email, IM, or phone-calls. If you want a Windows Update, just go there. If it appears in the Auto Download/Updater, then install it.

Silly people have already caused Outlook to me sunk in security.

There is enough bad press about the Tool already. It's not going away, though.

-David
2006 Microsoft Most Valueable Professional (MVP)
2006 Dell Certified System Professional (CSP)
 
Status
Not open for further replies.

Similar threads

pjw001
  • Question
Latest Windows Update - End of Service
Replies
2
Views
204
pjw001
pjw001
VicM
  • Locked
  • Question
Problem updating Windows Explorer
Replies
1
Views
164
Nancycaf
Nancycaf
pjw001
  • Question
Windows 11 Screen Colours have changed (slightly) 3
Replies
14
Views
779
pjw001
pjw001
pjw001
  • Locked
  • Question
Programs not loading on Windows 11 Version 22H2.
Replies
9
Views
211
pjw001
pjw001
I81B4U
  • Locked
  • Question
Windows 11 Volume Too Quiet
Replies
3
Views
184
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top