Technology news and Jobs 
Fuzzy Logic Windows activation Trojan can catch the unwary
Fuzzy Logic Windows activation Trojan can catch the unwary | Windows activation Trojan can catch the unwary |
|
| by Alex Zaharov-Reutt | |
| Sunday, 06 May 2007 | |
  
Featured Whitepaper
5 Best Practices for Smartphone Support
Symantec says that Trojan.Kardphisher is a “Trojan horse that attempts to steal credit card numbers by tricking the user into entering their credit card details to activate Windows”. Frighteningly, if a user falls victim to this Trojan, the rogue software will shut down Windows should the user choose to “activate” their copy of Windows later, something that would easily spook novice and intermediate users into entering their details when they next turn their computer on, because the Trojan instantly activates itself again and prevents you from running other software. The Trojan, which you can see 'screen 1' of here, and then 'screen 2' of here, is incredibly brazen. Once you choose to “activate” your copy of Windows because the Trojan tells you that “Your copy of Windows was activated by another user”, it asks you to enter in your location, your contact information, your credit card number, your ATM pin number (!), your card’s expiration date and the 3-digit CVV2 number. The software tells you that your card won’t be charged, but that it needs the details to proceed with activation. Naturally, if you divulge your real details, they are sent off to the author of the Trojan, who can then use them to steal your identity, rack up credit card debts and do other nasty things. One suggestion from the web on dealing with the Trojan should you find yourself infected with it is to simply enter in fake details, simply so that you can get past the “activation” process and immediately find out how to remove the Trojan from your system. Thankfully, Symantec have posted removal instructions which tell you how to get rid of the Trojan. If a user does choose to run Windows over the web, the trojan asks the victim to enter location, contact information, credit card number, PIN and card expiration date. It’s important to know that Microsoft and other companies will NOT ask you to enter credit card details and other information for the simple purpose of activating software. Of course, you will be asked for some personal information if you are registering software you have just purchased, and we may well see attempts by the ‘bad guys’ to now create registration Trojans that look ever more realistic. The attempts at ‘social engineering’ to get you to voluntarily hand over sensitive private details are only going to increase, making it ever more imperative that users become ultra web-savvy, as well as protected as much as possible by Internet Security Suites from companies such as Symantec, McAfee, Trend Micro, ZoneAlarm, AVG and others, along with protective anti-phishing software such as TrustDefender www.trustdefender.com. If ever in doubt – err on the side of caution and never enter your real details. Get the help of a knowledgeable friend, call the tech support department of the software or hardware you are using, ask questions – don’t just hand over personal details that could expose you to identity theft, fraud and more – and make sure that you are using the very latest security programs and make sure their automatic update features are permanently turned on. {moscomment} |
Tags
| < Next story in category | Previous story in the category > |
|---|
