New Trojan Mimics Windows Reactivation
By Barry Levine / NewsFactor Network
Published: May 07, 2007


A new Trojan Horse is making the rounds, impersonating Windows reactivation and antipiracy messages with the goal of duping users into divulging their credit card information.

According to computer security firm Symantec, the Trojan, dubbed Trojan.Kardphisher, creates a Windows look-alike screen, headlined "Microsoft piracy control," and indicates that the copy of Windows was activated by another user and needs to be reactivated.

"To help reduce software piracy, please reactivate your copy of Windows now," it instructs. "You must activate Windows before you can continue to use it." The user is given two choices: reactivating Windows over the Internet immediately or doing it later. No other applications can be run, and Task Manager cannot be launched to force-quit the Trojan.

Yes or No?

If reactivation is deferred, the system is shut down. And if users proceed with the fake reactivation, a second screen appears, requesting private information that includes location, contact information, a credit card number, the card's expiration date and three-digit security number, and even an ATM PIN.

The Trojan informs the user that the credit card information will not be charged. But, once entered, the information is sent to the perpetrators to use as they wish. The initial screen even references an actual Microsoft antipiracy site: microsoft.com/piracy.

Symantec said that the Trojan affects Windows XP, Windows 2000, Windows Server 2003, and even earlier versions of Windows, including 95, 98, and NT.

Sometimes, Windows does indeed require reactivation, such as after substantial hardware upgrades, but Microsoft does not ask for financial information. The Trojan's request for reactivation and its close resemblance to actual Windows screens make it a potentially effective attack against some users, Symantec said.

While Symantec has posted detailed instructions on how to remove the Trojan, some observers have noted that fake information can be entered to "activate" an infected Windows system when prompted, so that the Trojan could then be removed.

Trust No One

"This Trojan teaches us all a good lesson -- Trust No One," wrote Symantec's Takashi Katsuki on the company's blog. "Sometimes the creators of Trojans attempt to impersonate Microsoft, a bank, or even a government organization. Whatever the warning or message says, we must make very sure it is genuine before giving up any personal details, financial or otherwise."

It is far better to doubt a genuine request until proper verification is provided, Katsuki went on to say, than it is to blindly place your trust in a message simply because it appears to have come from a trusted source.

"Sad though it may be," Katsuki wrote, "the days of leaving your front door unlocked are over. In these times, we not only need a lock on the door, we need a security guard watching the front door, the back door, and everywhere in between."
