IE 11 is not supported. For an optimal experience visit our site on another browser.

Fake Microsoft Office tool hides worm

A security firm found a worm that disguises itself as Office Genuine Advantage, a program Microsoft deployed in the past to validate copies of Office.
/ Source: SecurityNewsDaily

If you use Microsoft Office, a sneaky and harmful worm may be out to infect your system.

The security firm Bitdefender found a worm, identified as Win32.Worm.Coidung.B, that disguises itself as Office Genuine Advantage (OGA), a program Microsoft deployed in the past to validate customers' copies of Office and let them download files and updates from the Microsoft website. Microsoft retired OGA in December 2010, but that hasn't stopped the attackers from using it to ensnare victims a year later.

( is a joint venture of Microsoft and NBC Universal.)

The fraudulent OGA program, labeled "office_genuine.exe," is spreading via Yahoo Messenger, and once the attachment is downloaded, it opens a portal in people's computers for another infected file, Win32.Virtob, to do its damage.

Bitdefender's Loredana Botezatu wrote of Coidung, "The worm operates fast, disables the Windows Firewall and opens a back door to allow a remote attacker to access and control the compromised computer."

Adding insult to infection, Coidung makes copies of itself and hides them in multiple system folders under various names, Botezatu said. The worm prevents its multiple copies from being deleted, deactivated or removed.

The Coidung worm even comes bundled with a virus, Win32.Virtob, which operates separately and infects Web application files on the compromised machines.

This threat applies only to the Microsoft Office suite. The overall Windows Genuine Advantage (WGA) program, which validates copies of Windows 7 or Vista, is still in effect.

Online scammers often piggyback on the legitimacy of anti-virus or threat-detecting software to launch attacks. Right around the time OGA was decommissioned last year, crooks began spreading malware by disguising it as a Microsoft Security Essentials update.

The best advice to avoid falling victim to these types of threats is to avoid downloading suspicious attachments, especially if they come in unsolicited emails.