IM worm poses as Windows Genuine Advantage
A new worm/backdoor is spreading via Instant Messaging masquerading as a Windows Genuine Advantage (WGA) program.
W32/Cuebot-K is a instant messaging worm and backdoor for the Windows platform and spreads via AOL Instant Messenger.
When first run W32/Cuebot-K copies itself to\wgavn.exe and creates the file \Debug\dcpromo.log.
The file wgavn.exe is registered as a new system driver service named "wgavn", with a display name of "Windows Genuine Advantage Validation Notification" and a startup type of automatic, so that it is started automatically during system startup.
Once installed, it runs each time the computer is started. Cuebot-K disables the Windows firewall and opens a backdoor that gives hackers the ability to take control of the computer.
You should be very wary about clicking links on instant messenger progams, especially from people you don't know.
W32/Cuebot-K is a instant messaging worm and backdoor for the Windows platform and spreads via AOL Instant Messenger.
When first run W32/Cuebot-K copies itself to
The file wgavn.exe is registered as a new system driver service named "wgavn", with a display name of "Windows Genuine Advantage Validation Notification" and a startup type of automatic, so that it is started automatically during system startup.
Once installed, it runs each time the computer is started. Cuebot-K disables the Windows firewall and opens a backdoor that gives hackers the ability to take control of the computer.
You should be very wary about clicking links on instant messenger progams, especially from people you don't know.
posted by C@sPEr at 8:57 PM
1 Comments:
If you use bug spray does it stop them?
Post a Comment
<< Home