W32.Cuebot-K worm appears as Microsoft antipiracy program

The fake Windows Genuine Advantage Tool (wgavn.exe) has been named the W32.Cuebot-K worm by Sophos.

Cuebot-K propagates by sending itself as a file named “wgavn.exe” to more people in the user’s “Buddy List” but without a message, Cluley said.

More at http://www.infoworld.com/article/06/06/30/HNwormmsantipiracy_1.html

I just viewed Sophos’ Threat analyses page – by name (letter C) but they don’t have the article for Cuebot-K yet (maybe later). At the time of this writing, they have articles for Cuebot-A to Cuebot-J only (at least it has been detected now, and let’s hope that all other security vendors that have malware detections for worms will be able to protect users soon!)

@All instant messaging users,

Please see “Click a link.. get infected?” or read some tips for “Safer Instant Messaging!” to avoid such infections when using instant messengers.


Update: Sophos now has the Cuebot-K article up, confirming that the worm W32/Cuebot-K spreads via AOL Instant Messenger. (Thanks to Microsoft MVP Harry Waldron)
