Worm Masquerades as Microsoft Antipiracy Program

[Corrine]

There is already a worm that spreads through AIM (AOL Instant Messenger) and disguises itself as WGA. As reported by Jeremy Kirk of "IDG News Service" on Friday, June 30, 2006, in Worm Masquerades as Microsoft Antipiracy Program:

"Sophos is calling it W32.Cuebot-K, a new variation in the Cuebot family of malware. The worm has a range of malicious functions. After it's installed, the worm immediately tries to connect to two Web sites, a sign it may try to download other bad programs on the machine."

Mr. Kirk also reported from Sophos PLC, a security vendor, that Cuebot-K can disable other software, shut off the Windows firewall, download other malicious programs, perform DDoS (distributed denial of service) attacks, and more.

[epp_b]

The only part I'm struggling with is deciding whether this or WGA is worse!

[Corrine]

I've been following the analyzis of this worm. It is definitely not WGA, but WGA was most definitely targeted. Here's Suzi Turner's writeup: http://blogs.zdnet.com/Spyware/?p=838

[Guest LilBambi]

My Jim says ... Actually, WGA is worse ... This worm/exploit wouldn't be possible without WGA.

[Corrine]

Your Jim does have a good point.

[Guest LilBambi]