Worm pretends it is Windows Authentication Software

If it squeaks like a Vole....

By Nick Farrell

Tue Jul 11 2006, 08:56

MEDIA FRIENDLY anti-virus outfit Sophos has dug up a worm which pretends that it is Microsoft's super-popular Windows Authentication Software (WAS).

Sophos alleged that the worm, which is called Cuebot-K, is being distributed over AOL's instant-messaging network.

It has the public display name of "Windows Genuine Advantage Validation Notification" and registers itself as a system driver named "wgavn". If users try to remove it from the file manager they are told that their will be some system instability, or God will kill a kitten or something similar.

Cuebot-K disables the Windows OS firewall and turns the PC into a zombie (tsumba) which hands over data to other computers or could be used for distributed denial-of-service attacks.

The worm writers apparently are betting that people will be looking for an update of WGA, and since the software has spyware-like capabilities they will not think that there is anything wrong with the way it is behaving when it is installed.

More here. µ

The INQUIRER review of the year A look back at the big news stories of 2011 Friday, 23 December 2011, 08:00 AM Read more	Top 10 tasty treats in Android 4.0 Ice Cream Sandwich Face lock and NFC beam sharing are two of the updates Thursday, 27 October 2011, 12:40 PM Read more
Microsoft confirms antivirus features in Windows 8 And other security improvements Friday, 16 September 2011, 14:11 PM Read more	Microsoft will include antivirus software in Windows 8 File under Build rumours Thursday, 15 September 2011, 13:58 PM Read more
Hackers are developing Firefox scareware tricks Windows fake anti-virus development is not standing still Tuesday, 31 May 2011, 17:19 PM Read more	Mac fake anti-virus malware is evolving fast, doesn't need a password What works for Windows, works for Mac Thursday, 26 May 2011, 12:15 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Data Governance/Data Quali

This is a type of Business ...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Worm pretends it is Windows Authentication Software

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review