Microsoft WGA Attracts Copycat Worm and Second Lawsuit

By Matt Hines  |  Posted 07-05-2006 Print Email
Malware writers have created a new worm virus disguised as Microsoft's Windows Genuine Advantage, the real version of which has been targeted by a second lawsuit.
Security researchers have identified a worm virus masked to appear as Microsoft's Windows Genuine Advantage anti-piracy program, while end users have filed a second lawsuit against the software giant's use of the actual program.

Workers at anti-virus specialist Sophos were among the first to unearth the worm disguising itself as WGA. Dubbed by the firm as Cuebot-K, the virus is spreading over AOL's popular instant messaging network posing as Microsoft's controversial anti-piracy software.

Sophos said Cuebot-K is registering itself on infected PCs as a new system driver service named "wgavn" that also bears the public display name of "Windows Genuine Advantage Validation Notification." The virus automatically runs during system startup, and users who view the list of services offered by the threat are informed that removing or stopping the service will result in system instability.

Researchers indicated that once in place, Cuebot-K disables the Windows OS firewall and opens a backdoor to infected computers, which could potentially allow hackers to gain remote access of a machine to spy on users or launch DDOS (distributed denial-of-service) attacks.

Adding to the threat is widespread controversy over WGA that has forced Microsoft to offer an updated version of the program, a previous iteration of which some people have labeled as having spywarelike capabilities. End users looking for that update could unknowingly expose themselves to Cuebot-K, experts said.

"People may think they have been sent the file from one of their AOL IM buddies, but in fact the program has no friendly intentions, and technical Windows users wouldn't be surprised to see WGA in their list of services, and so may not realize that the worm is using that name as a cloak to hide the fact that it has infected the PC," said Graham Cluley, senior technology consultant at Sophos, based in Abingdon, U.K. "Once in place, this malware disables the firewall and opens a backdoor by which hackers can gain control over your computer to steal, spy and launch DOS attacks."

Microsoft representatives didn't immediately return calls seeking comment on the WGA-themed virus.

Adding to the company's headaches over WGA, Microsoft has also been hit with a second class-action lawsuit filed over the capabilities of a previous version of the anti-piracy software.

Click here to read more about the first lawsuit.

In a case filed on June 29 in the United States District Court of Seattle, plaintiffs Engineered Process Controls and Univex, along with individual end users David DiDomizio, Edward Misfud and Martin Sifuentes, have charged that Microsoft's technology amounts to a form of spyware.



 

Submit a Comment

Loading Comments...
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date