Just when Microsoft had hoped things could not get any worse after the whole Windows Genuine Advantage phones-home scandal, they have. Much worse, in fact: the newly discovered Cuebot-K worm disguises itself as something called Windows Genuine Advantage Validation Notification.
Intended as an anti-piracy measure, WGA has in fact been nothing less than a spectacular PR disaster for Microsoft and a huge pain in the ass for end users. So much so that Microsoft issued a new, less intrusive version just a month after the initial release, and also published instructions for removing WGA completely.
However, it seems the WGA specter is going to hang around to haunt Microsoft for some time. Antivirus specialist Sophos reveals that Cuebot-K, which propagates by way of the AOL Instant Messenger software, disables the Windows firewall and opens a backdoor for remote access and malware execution, potentially turning the machine into a launch pad for distributed denial of service attacks for good measure. Cuebot-K copies itself to the Windows system folder as wgavn.exe, creates a file called \Debug\dcpromo.log, and registers wgavn as a new system driver service with an automatic startup type.
The clever part of the tactic is that, because of all the fuss over WGA, technically aware users who keep an eye on the list of running services will not be overly concerned to see something WGA-related there. Unless they are really technically aware and have removed the thing already, of course. Guess what my recommendation is?
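The indicators Sophos describes above can be checked together rather than by eyeballing the service list. The following is an added example, not code from Sophos or the original article; the snapshot layout, function names and sample hosts are assumptions made for illustration.

```python
import ntpath

# Indicators taken from the article's description of Cuebot-K.
SERVICE_NAME = "wgavn"
DROPPED_EXE = "wgavn.exe"
LOG_SUFFIX = "\\debug\\dcpromo.log"
# Only the names tied to the fake WGA identity are treated as strong evidence.
# A disabled firewall or a dcpromo.log (a normal file name on domain
# controllers) does not identify this worm without them.
STRONG = {"service", "dropped_exe"}


def find_indicators(snapshot):
    """Return (indicator, detail) pairs found in a host triage snapshot.

    The snapshot layout is an assumption of this example: 'services' is a list
    of dicts (name, type, start), 'files' a list of paths, and
    'firewall_enabled' a bool.
    """
    hits = []
    for svc in snapshot.get("services", []):
        if svc.get("name", "").lower() == SERVICE_NAME:
            detail = "type=%s start=%s" % (svc.get("type"), svc.get("start"))
            hits.append(("service", detail))
    for path in snapshot.get("files", []):
        lowered = path.lower()  # Windows paths are case-insensitive
        if ntpath.basename(lowered) == DROPPED_EXE:
            hits.append(("dropped_exe", path))
        elif lowered.endswith(LOG_SUFFIX):
            hits.append(("debug_log", path))
    if snapshot.get("firewall_enabled") is False:
        hits.append(("firewall_off", "Windows firewall disabled"))
    return hits


def verdict(hits):
    """Classify a host: 'investigate', 'weak' (ambiguous signals) or 'clean'."""
    names = {name for name, _ in hits}
    if names & STRONG:
        return "investigate"
    return "weak" if names else "clean"


# Constructed sample snapshots, not data from a real host.
INFECTED = {
    "services": [{"name": "wgavn", "type": "driver", "start": "auto"}],
    "files": ["C:\\WINDOWS\\system32\\wgavn.exe", "C:\\WINDOWS\\Debug\\dcpromo.log"],
    "firewall_enabled": False,
}
DOMAIN_CONTROLLER = {
    "services": [{"name": "Netlogon", "type": "own_process", "start": "auto"}],
    "files": ["C:\\WINDOWS\\Debug\\dcpromo.log"],
    "firewall_enabled": True,
}
```

The second sample shows why the log file alone is only a weak signal: a host can carry a dcpromo.log without any of the wgavn artifacts.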