WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.
The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.
Users who view the list of services are told that removing or stopping the service will result in 'system instability'.
Once in place the worm disables the Windows firewall, and opens a backdoor to infected computers which allows hackers to gain remote access, spy on users, and potentially launch distributed denial-of-service attacks.
"People may think they have been sent the file from one of their AOL IM buddies, but in fact the program has no friendly intentions," said Graham Cluley, senior technology consultant at Sophos.
"Technical Windows users would not be surprised to see WGA in their list of services, and may not realise that the worm is using that name as a cloak to hide the fact that it has infected the PC.
"If users heed the false warning about removing the program, and leave it running, they will present a backdoor to hackers that could allow them to gain control over the computer."
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff