Windows Genuine Disadvantage malware sighted

Perfidious virus pushers have created a worm that poses as Microsoft's anti-piracy program, Windows Genuine Advantage (WGA).

The Cuebot-K worm spreads via AOL instant messenger in the guise of WGA. The timing of the release of the malware coincides with controversy over a feature in WGA that meant that the anti-piracy program "phoned home" with hardware and software data from PCs every time Windows started up.

Cuebot-K attempts to register itself as a new system driver service called 'wgavn', with the display name 'Windows Genuine Advantage Validation Notification'. Thereafter it runs every time a computer starts up. Users who attempt to remove the malware are falsely informed that getting rid of the program will result in system instability.

Once installed on infected machines, Cuebot-K disables Windows firewall and opens a backdoor on compromised machines, surrendering their control to hackers.

More information on the malware can be found in an analysis by anti-virus firm Sophos here.

:source: Source: TheRegister.co.uk

I ain't got WGA and don't plan on installing any new Microsloth stuff ... gonna switch permanently to Linux ...

I run windows and office, but that is all the microsoft stuff I run. do you really think I would trust the security of my machine to microsoft?

Microsoft keeps invading privacy, all to fight piracy... no need to keep the call back feature when it has been prooved to be authentic... Imo

had one of those today on a customers pc nasty little bugger

The length these idiots go to in order to create a virus.Don't they have anything better to do?

I thought WGA was malware :unsure: I mean it tried to sneak on to my system then send it's data back to it's paymaster.

Quote:

---

Originally Posted by sear

I thought WGA was malware :unsure: I mean it tried to sneak on to my system then send it's data back to it's paymaster.

---

It's microsoft malwares. :P