Win Genuine Advtg spoofed!


Peter Creasey
July 3rd, 2006, 04:39 PM
I am certainly glad I resisted installing the Win Genuine Advantage update. Speaking of problems with Windows updates -- now another problem is reported...
While in and of itself a trojan IMO, the Windows Genuine Advantage "phone home" program has been spoofed with another malware known as Cuebot-K.

Users who attempt to remove the malware are falsely informed that getting rid of the program will result in system instability.

Once installed on infected machines, Cuebot-K disables Windows firewall and opens a backdoor on compromised machines, surrendering their control to hackers.
http://www.sophos.com/virusinfo/analyses/w32cuebotk.html

"This section contains the description and advanced technical information

W32/Cuebot-K is an instant messaging worm and backdoor for the Windows platform.

W32/Cuebot-K spreads via AOL Instant Messenger.

When first run W32/Cuebot-K copies itself to <Windows system folder>\wgavn.exe and creates the file <Windows folder>\Debug\dcpromo.log.

The file wgavn.exe is registered as a new system driver service named "wgavn", with a display name of "Windows Genuine Advantage Validation Notification" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:"
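
A triage check built from the indicators in the Sophos description quoted above, as an added example that is not part of the original thread or of Sophos's analysis. It assumes a Windows host with PowerShell 3.0 or later (for `Get-CimInstance`); the function name `Find-CuebotKService` and the SysWOW64 check are assumptions of this sketch.

```powershell
# Added example: look for the W32/Cuebot-K artifacts named in the quoted text.
# Indicator values come from that text; everything else is an assumption.
$ServiceName = 'wgavn'
$DisplayName = 'Windows Genuine Advantage Validation Notification'
$ImageName   = 'wgavn.exe'

function Find-CuebotKService {   # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Records)
    foreach ($r in $Records) {
        $reasons = @()
        if ($r.Name -eq $ServiceName)        { $reasons += 'service name' }
        if ($r.DisplayName -eq $DisplayName) { $reasons += 'display name' }
        if ($r.PathName -and $r.PathName -like "*\$ImageName*") {
            $reasons += 'image path'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name        = $r.Name
                DisplayName = $r.DisplayName
                PathName    = $r.PathName
                StartMode   = $r.StartMode
                Matched     = $reasons -join ', '
            }
        }
    }
}

# The text calls it a "system driver service", so query both CIM classes.
$records = @(Get-CimInstance -ClassName Win32_Service) +
           @(Get-CimInstance -ClassName Win32_SystemDriver)
$hits = @(Find-CuebotKService -Records $records)

# File artifacts: <Windows system folder>\wgavn.exe. SysWOW64 is also checked
# (assumption: a 32-bit binary on 64-bit Windows would be redirected there).
$binaries = @('System32', 'SysWOW64') |
    ForEach-Object { Join-Path (Join-Path $env:windir $_) $ImageName } |
    Where-Object { Test-Path -LiteralPath $_ }

# <Windows folder>\Debug\dcpromo.log: a log file name alone is weak evidence,
# so it is reported as corroborating only and does not drive the verdict.
$logPresent = Test-Path -LiteralPath (Join-Path $env:windir 'Debug\dcpromo.log')

$hits | Format-List | Out-String
"wgavn.exe found at: {0}" -f ($binaries -join '; ')
"Debug\dcpromo.log present (corroborating only): {0}" -f $logPresent
if ($hits.Count -gt 0 -or @($binaries).Count -gt 0) {
    'RESULT: Cuebot-K service or binary artifacts found; isolate and investigate.'
} else {
    'RESULT: no Cuebot-K service or binary artifacts found.'
}
```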

Judy G. Russell
July 3rd, 2006, 09:12 PM
Oh that's just so.... cute. NOT.