Security experts have recently discovered a new malware that masquerades as software designed to “sniff out” pirated versions of Microsoft Windows.
 |
| Source: 24x7updates |
According to classifications by expert Graham Cluley from Sophos, this malware is a type of worm that spreads through AOL’s instant messaging program. Sophos has named it W32.Cuebot-K, a new variant of the Cuebot malware family.
W32.Cuebot-K is a highly versatile worm. Once installed, it immediately attempts to connect to two default websites—indicating that its ultimate goal is to download additional malware onto the system.
Moreover, Cuebot-K can disable antivirus software, turn off the Windows firewall, carry out basic denial-of-service attacks, and scan files on the computer.
Typically, worms that spread through chat programs appear as messages or links sent from friends, enticing users to click and activate them. However, Cuebot-K spreads by self-sending itself as a file named “wgavn.exe” without any accompanying message.
Once installation is complete, Cuebot-K registers as a new system device driver service called wgavn, which stands for Windows Genuine Advantage Validation Notification.
Ironically, Cuebot-K emerges at a time when WGA—the software it impersonates—is facing severe criticism for functioning much like spyware.
This software is designed to collect data about the user’s computer software and hardware and match it against a database of licensed operating systems. If it detects a pirated version of Windows, it will “report back” to headquarters. Microsoft will then warn the user and cut off certain free download services available to them.
Thien Yi
