MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.

Welcome to MSMVPS.COM Sign in | Help

Home

Blogs

Media

Groups

Harry Waldron - Microsoft MVP Blog

Security News and Best Practices for corporate and home users

Cuebot-K IM Worm - Hides as a Windows Genuine Advantage Service

Users should always be careful to avoid processing files or URLs in the Instant Messaging environment. This new IM threat disguises itself like the new WGA process Microsoft is using to ensure the Windows OS has the proper license control keys.

Cuebot-K IM Worm - Hides as a Windows Genuine Advantage (WGA) Service
http://secunia.com/virus_information/30450/cuebot-k/
http://www.sophos.com/security/analyses/w32cuebotk.html

W32/Cuebot-K is a instant messaging worm and backdoor for the Windows platform. W32/Cuebot-K spreads via AOL Instant Messenger. The file wgavn.exe is registered as a new system driver service named "wgavn", with a display name of "Windows Genuine Advantage Validation Notification" and a startup type of automatic, so that it is started automatically during system startup.

Only published comments... Jun 30 2006, 10:54 PM by Harry Waldron

Comments

Donna's SecurityFlash said:

The fake Windows Genuine Advantage Tool (wgavn.exe) has been named as W32.Cuebot-K worm by Sophos. ...

July 1, 2006 2:12 AM

Name: (required)
Website: (optional)
Comments (required)
Remember Me?
Submit

This Blog

Syndication

Personal Links

Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems