Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Hi this is the mail I received Brett Karpman show details Nov 17 (3 days ago) Reply Atten..."
on Yahoo and Microsoft take aim at lottery scams
by Rodney Churchyard | Nov 20, 2008 6:13 PM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"Umm. no. The 6.5 product is mounting the offline VM image and performing a scan for patch ..."
on Shavlik Technologies to broaden its patch management offerings
by eric | Nov 20, 2008 8:15 AM
 
"it's great i tried it"
on McAfee offers free trial of security appliance
by divyacharan | Nov 20, 2008 12:24 AM
 
"I actually love the RoboForm software myself. I use it all of the time and it takes all of the ..."
on Siber Systems RoboForm Enterprise
by Omarra Byrd | Nov 18, 2008 8:19 AM
Malware

Trojan posing as 'Microsoft piracy control' message

  • Email a Friend
  • Print Page
Trojan posing as 'Microsoft piracy control' message
Related Articles
By Frank Washkuch
May 7, 2007 10:05 AM
Tags: Symantec: | Beware | of | 'Microsoft | piracy | control' | message | asking | for | credit | card | information
The malware, named Trojan.Kardphisher by Symantec, is a garden variety social engineering attack, but it contains an authentic-looking message from Microsoft that asks for personal and financial information.

After the trojan is installed and a user restarts his or her PC, a Windows XP-look-alike message pops up asking if the user wants to activate Windows over the web. If "no" is the answer, the PC is shut down. Other applications can not be run after the restart.

If a user does choose to run Windows over the web, the trojan asks the victim to enter his location, contact information, credit card number, PIN and card expiration date.

Most end-users should realise that Microsoft doesn’t need credit card information to validate a copy of Windows, Symantec researchers said today.

"Surely almost everyone will notice that something strange is going on, and hopefully very few people will actually become victims by inputting their credit card details," Takashi Katsuki said on the Symantec Security Response weblog today.

"But unfortunately, even the people who are not tempted to give up their information might well become victims the next time. After all, failure to follow the on-screen instructions results in your PC shutting down immediately."

Javier Santoyo, manager of development in Symantec’s research group, told SCMagazine.com today that he recommends affected users simply fill in the blanks with fake information.

"You’re limited to just going through the menus [after restart]. What I would do is recommend that you put in bogus information. As long as you fill in all the information, you can continue," he said. "It’s very typical of trojans, asking you for your credit card and personal information, but it doesn’t allow you to do anything else."

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
assessors card control credit data device information malware messagelabs microsoft patch patches pci security sophos stolen symantec tuesday vulnerability windows