Jul 4th, 2006, 6:30 am
Just when Microsoft had hoped things could not get any worse after the whole Windows Genuine Advantage phones home scandal, things have. Much worse, as the newly discovered Cuebot-K worm disguises itself as something called Windows Genuine Advantage Validation Notification.
Intended as an anti-piracy measure, WGA has in fact been nothing less than a spectacular PR disaster for Microsoft and a huge pain in the ass for end users. So much so that Microsoft has issued a new less intrusive version just a month after the initial release, as well as publishing instructions for removing WGA completely.
However, the WGA specter is going to hang around to haunt Microsoft for some time, it seems. Antivirus specialist Sophos reveals that Cuebot-K, propagated by way of the AOL Instant Messenger software, disables the Windows firewall and opens up a backdoor route for remote access, malware execution and potentially a distributed denial of service launch pad for good measure. Cuebot-K copies itself to the Windows system folder as wgavn.exe, then creates a file called \Debug\dcpromo.log and registers wgavn as a new system driver service with an automatic startup type.
The clever tactic being that because of all the fuss over WGA, technically aware users who keep an eye on the list of running services will not be overly concerned by the fact that WGA is there. Unless they are really technically aware and removed the thing already, of course. Guess what my recommendation is?
- Davey Winder, staff writer aka happygeek
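A triage check built from the indicators Sophos lists above, added here as an example (it is not code from the article or from Sophos). It assumes you have the text output of `sc qc wgavn` and a list of file paths known to exist on the host; the sample output and the function names are constructed for illustration.

```python
import re

# Indicators as named in the article (Sophos' description of Cuebot-K).
IOC_SERVICE = "wgavn"
IOC_BINARY = "\\wgavn.exe"
IOC_LOG = "\\debug\\dcpromo.log"

# Constructed sample in the layout printed by `sc qc <service>`; not from a real host.
SAMPLE_SC_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: wgavn
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\wgavn.exe
        DISPLAY_NAME       : Windows Genuine Advantage Validation Notification
"""

def parse_sc_qc(text):
    """Turn `sc qc` output into a dict keyed by lower-case field name."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s*(.*\S)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def cuebot_k_findings(sc_qc_text, existing_paths):
    """Return the article's Cuebot-K indicators that the host evidence matches."""
    svc = parse_sc_qc(sc_qc_text)
    paths = [p.lower() for p in existing_paths]
    binary = svc.get("binary_path_name", "").lower().strip('"')
    findings = []
    if svc.get("service_name", "").lower() == IOC_SERVICE:
        findings.append("service named wgavn is registered")
        if "DRIVER" in svc.get("type", ""):
            findings.append("wgavn is registered as a driver service")
        if "AUTO_START" in svc.get("start_type", ""):
            findings.append("wgavn starts automatically")
    if binary.endswith(IOC_BINARY) or any(p.endswith(IOC_BINARY) for p in paths):
        findings.append("wgavn.exe present")
    if any(p.endswith(IOC_LOG) for p in paths):
        findings.append("\\Debug\\dcpromo.log present")
    return findings
```

A single match, especially the log file name on its own, is weak evidence; the service name, driver type and automatic start together are the combination the article describes.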
Comments (Newest First)
kleinbaas | Newbie Poster | Apr 19th, 2007
If you want to get rid of the Windows Genuine Advantage program and be able to update XP, just get the XP Validation CD from www.discmaster.info and run the Validation Utility.
The CD has all the working (latest) Validation tools, and includes tools to Validate Media Player 11 plus related Fix/Hack tools and info. Just click on http://www.discmaster.info/UK/tools.htm or http://www.diskmaster.info/USA/tools.htm
Hope this Helps!
happygeek | He's The Daddy | Jul 4th, 2006
jwenting | duckman | Jul 4th, 2006
tough luck on all the AOHell pundits who're stupid enough to open messages with attachments and don't run AV software.