WGA Imitation Spyware: Can't Blame Microsoft For This One

Dennis Faas's picture

As tension mounts over Microsoft's use of the anti-piracy install Windows Genuine Advantage (WGA), headlines today are reporting that spyware goons have caught on and are circulating a program that poses as WGA.

The new malware imitates WGA in its file name, and is allegedly found most frequently on file transfer sites and through spam emails. The new spyware, targeting the segment of the tech population that isn't already avoiding WGA at all costs, can be found in at least two different ways. The first pops up in peer-to-peer file transfer programs, such as Kazaa, and prompts the user to install the proposed WGA validation.

In reality, there is no service provided with the above file. It appears as an HJT log file, and uses different wording than the legitimate installation Microsoft has been issuing. In short, do not install this file. (Source: temerc.com)

The second method of WGA imitation has been found -- surprise, surprise -- through spam emails.

Anti-spyware forums and websites have been lit up the last few days with reports that a rogue email is sending unsuspecting clickers to an automatic link. Those without any malware protection are not even being prompted before they click, and upon doing so (expecting to download Windows' new update) are instead hit with a Trojan downloader named wusetup.exe.

Once the file is installed, the user unknowingly becomes part of a botnet hosted by a Russian server. Most concerning is the fact that, according to reports, fewer than half of presently available antivirus scanners are finding this Trojan downloader. (Source: blogs.zdnet.com)

Clearly, the new, routinely deceptive spyware downloads will infect the most unsuspecting victims. Users not already wary of WGA should at least avoid peer-to-peer programs and spam emails and, perhaps most of all, avoid leaving their machines unprotected.
