Friday, May 4, 2007

The Trojan that might get even the paranoid user's CC number

Symantec has the skinny on a new Trojan that is just now beginning to make the rounds in the wild. It's not yet widespread, but be prepared just in case you run into it.

"Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher. The Trojan is not very technical - it's really just another classic social-engineering attack. What makes it interesting is that the author has obviously taken great pains to make it appear legitimate."

The Trojan presents screens at boot-up stating that you need to re-activate Windows. The twist is that during the process it asks the user for their CC information.

The screenshots in question look very much like the original Windows Activation screens: same theme, color, logos, etc. Even the "Engrish", which is generally a dead giveaway, is fairly polished. Worse, if you refuse to cooperate, the Trojan shuts down your system immediately - a tactic that is also used by Microsoft when Windows Genuine Advantage thinks you stole their system. The next time you power up, you are again given the fake option to re-activate your Windows installation - complete with the request for your CC info.

Fake Windows Activation Trojan

Arm yourselves and your computer-challenged family members with this simple reminder:

The real activation process from Microsoft will NOT ask for your credit card. Nor will their support staff.

I'm half expecting the next step from Trojan authors using this tactic to include an 800 number purporting to be for Microsoft Support but that will connect you to some mafia-run phone center. There they would -- in theory -- collect even more personal information with which they could steal your entire identity.