Security analysts have detected a new piece of malware that appears to run as a Microsoft program used to detect unlicensed versions of its operating system.
Sophos is calling it W32.Cuebot-K, a new variation in the Cuebot family of malware. The worm has a range of malicious functions. After it’s installed, the worm immediately tries to connect to two Web sites, a sign it may try to download other bad programs on the machine.
If installed on a computer, Cuebot-K is registered as a new system device driver service named “wgavn.” When a list of services running on the computer is summoned, the worm appears as “Windows Genuine Advantage Validation Notification” Sophos said.