Security analysts have detected a new piece of malware that appears to run as a Microsoft program used to detect unlicensed versions of its operating system. The malware has been classified as a worm and spreads through AOL's Instant Messenger program, said Graham Cluley, senior technology consultant for Sophos, a security vendor.
Sophos is calling it W32.Cuebot-K, a new variation in the Cuebot family of malware. The worm has a range of malicious functions. After it's installed, the worm immediately tries to connect to two Web sites, a sign it may try to download other bad programs on the machine. Cuebot-K can disable other software, shut off the Windows firewall, download new malicious programs, perform basic DDOS (distributed denial of service) attacks, scan local files and spawn a command prompt, Sophos said.