Old 11th Jul 06, 01:16 PM
Alpine
Worm pretends it is Windows Authentication Software
If it squeaks like a Vole....

MEDIA FRIENDLY anti-virus outfit Sophos has dug up a worm which pretends that it is Microsoft's super-popular Windows Authentication Software (WAS).


Sophos alleged that the worm, which is called Cuebot-K, is being distributed over AOL's instant-messaging network.

It has the public display name of "Windows Genuine Advantage Validation Notification" and registers itself as a system driver named "wgavn". If users try to remove it from the file manager they are told that there will be some system instability, or God will kill a kitten or something similar.

Cuebot-K disables the Windows OS firewall and turns the PC into a zombie (tsumba) which hands over data to other computers or could be used for distributed denial-of-service attacks.

The worm writers apparently are betting that people will be looking for an update of WGA, and since the software has spyware-like capabilities they will not think that there is anything wrong with the way it is behaving when it is installed. More here.