On Friday, security giant Symantec Corp. issued a warning about an in-the-wild Trojan horse that poses as a Windows activation program to trick users into entering credit card information in an attempt to revive their machines.
The Trojan, dubbed Kardphisher, is nothing much technically, stated Takashi Katsuki, a Symantec researcher. However, its author has “obviously taken great pains to make it appear legitimate.”
Here’s the scam. The Trojan installs itself onto a PC and presents the user with the following message:
“Your copy of Windows has been activated by another user.
To help reduce software piracy, please re-activate your copy of Windows now.
WE will ask for your billing details, but your credit card will NOT be charged.
You must activate Windows before you can continue to use it.
Microsoft is committed to your Privacy. For more information, www.microsoft.com/piracy.
Do you want to activate Windows now?”
Clicking the “No” option shuts down the PC, maintained Katsuki. Selecting “Yes,” on the other hand, takes the user to a second screen where he or she is asked to enter his or her name and credit card information, which is then transmitted to the hacker’s server. “This Trojan teaches us all a good lesson,” continued Katsuki. “Trust no one.”
Details on the Trojan’s bogus re-activation screens look legit, and it plays off real-world behavior by Windows. For example, the website mentioned on the first screen is in reality Microsoft’s own anti-piracy site. And in some cases, such as after a user makes substantial hardware changes, Windows XP will demand reactivation. Microsoft, however, never demands any personal information, such as a credit card, during activation.
Kardphisher does not target the latest Windows Vista, which is even more likely to require reactivation. In fact, Microsoft patched Vista in January to quash a bug in the OS’s anti-piracy technology that was erroneously telling users they needed to reactivate.
Symantec offers the following advice:
This Trojan teaches us all a good lesson – Trust No One. This is the slogan from the TV show The X-Files, and very much applies when it comes to protecting your personal information. Sometimes the creators of Trojans attempt to impersonate Microsoft, a bank, or even a government organization. Whatever the warning or message says, we must make very sure it is genuine before giving up any personal details, financial or otherwise. It’s far better to doubt a genuine request until proper verification is provided, than it is to blindly place your trust in a communique simply because it appears to have come from a trusted source.