Trojan Hoaxes Windows Activation, Requests Financial Info

A new Trojan is in circulation that has a dishonest feature, alerts Symantec. The Trojan called Kardfisher tricks the user by displaying a warning on Windows' screen that there is need to revalidate the Windows. It then asks for information, typically confidential. Ars Technica published this in news on May 9, 2007.

The Trojan creates a screen looking similar to Windows with the title "Microsoft piracy control". It says that some user activated the copy of Windows that now requires reactivation.

The Trojan instructs that in order to reduce software piracy, the user must reactivate his/her copy of Windows in order to continue using it. The message gives two choices: reactivating Windows online right away or at a later period. The Trojan does not allow any application to run and prevents launching of Task Manager to exit the Trojan.

If the user clicks on "No" it shuts down the computer and the user can't start Task Manager or any other application as long as the Trojan remains there. Alternatively, if the user clicks on "Yes" a second screen shows saying that Windows is activating on the PC. Following the fake reactivation another screen emerges asking for private details like location, contact information, credit card number, its expiry date, a security number and also an ATM PIN.

Sometimes following hardware upgrades Windows requires activation but for that Microsoft never asks for financial details. This Trojan is a potential attack against users as it requests for reactivation and has a close similarity with true Windows screen, said Symantec, as per the news published by NewsFactor Business Report on May 7, 2007.

The Trojan harms Windows XP, Windows 2000, Windows Server 2003 as well as earlier versions of Windows like 95, 98 and NT, Symantec said.

An important lesson from the Trojan is not to trust anyone, wrote Takashi Katsuki of Symantec. NewsFactor Network put this in news on May 7, 2007. Often the trojans show messages purporting to be from Microsoft, a bank or even a government entity. Irrespective of the message or warning, users must ensure its authenticity before disclosing personal, financial or any other information, Katsuki added.

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 5/17/2007