
Re: New malware poses as WGA validation and notification

  • Subject: Re: New malware poses as WGA validation and notification
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Tue, 04 Jul 2006 15:49:52 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: schestowitz.com / MCC / Manchester University
  • References: <1152011625.522207.40370@p79g2000cwp.googlegroups.com>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [ nessuno@xxxxxxxxxxxxxxxxxxx ] on Tuesday 04 July 2006 12:13 \__

> Quote:
> -----------------
> A new piece of very nasty malware has been recently discovered on
> spyware help forums, first here and again here. The file name is
> wgavn.exe and it creates a service named "Windows Genuine Advantage
> Validation Notification", as seen in this line in the HijackThis
> log....
> 
> On my virtual machine, it disabled the following: WinPatrol, an
> anti-spyware program, a third party firewall, VMware Tools, VMware User
> Process, and VPCUserServices by changing the values of the Run keys in
> HKEY_LOCAL_MACHINE. Another researcher reported it disabled the Windows
> firewall and System Restore.
> ----------
> End quote
> 
> http://blogs.zdnet.com/Spyware/?p=838

This very much reminds me of Sony's Rootkit, which opened the door to a
plethora of nasties that were by all means uninvited. This entire situation
makes you wonder how many backdoors have been set up in Windows, apart from
vulnerable remote login modules. So many machines out there are being
hijacked and used as tools of destruction on the Web.

Best wishes,

Roy

-- 
Roy S. Schestowitz      |    "Spam enchanted evening..."
http://Schestowitz.com  |  SuSE GNU/Linux   ¦     PGP-Key: 0x74572E8E
  3:45pm  up 67 days 20:48,  11 users,  load average: 1.23, 0.82, 0.37
      http://iuron.com - help build a non-profit search engine
