Security analysts have detected a new piece of malware that appears to run as a Microsoft program used to detect unlicensed versions of its operating system. The malware has been classified as a worm and spreads through AOL´s Instant Messenger program, said Graham Cluley, senior technology consultant for Sophos, a security vendor.
Sophos is calling it W32.Cuebot-K, a new variation in the Cuebot family of malware. The worm has a range of malicious functions. After it´s installed, the worm immediately tries to connect to two Web sites, a sign it may try to download other bad programs on the machine.
Cuebot-K can disable other software, shut off the Windows firewall, download new malicious programs, perform basic DDOS (distributed denial of service) attacks, scan local files and spawn a command prompt, Sophos said.
Worms that spread through instant messaging programs often appear as messages or links sent from friends, which trick a user into executing the program. Cuebot-K propagates by sending itself as a file named “wgavn.exe” to more people in the user´s “Buddy List” but without a message, Cluley said.Read Full Story