The malware, named Trojan.Kardphisher by Symantec, is a garden variety social engineering attack, but it contains an authentic-looking message from Microsoft that asks for personal and financial information.
After the trojan is installed and a user restarts his or her PC, a Windows XP-look-alike message pops up asking if the user wants to activate Windows over the web. If "no" is the answer, the PC is shut down. Other applications can not be run after the restart.
If a user does choose to run Windows over the web, the trojan asks the victim to enter his location, contact information, credit card number, PIN and card expiration date.
Most end-users should realise that Microsoft doesn’t need credit card information to validate a copy of Windows, Symantec researchers said today.
"Surely almost everyone will notice that something strange is going on, and hopefully very few people will actually become victims by inputting their credit card details," Takashi Katsuki said on the Symantec Security Response weblog today.
"But unfortunately, even the people who are not tempted to give up their information might well become victims the next time. After all, failure to follow the on-screen instructions results in your PC shutting down immediately."
Javier Santoyo, manager of development in Symantec’s research group, told SCMagazine.com today that he recommends affected users simply fill in the blanks with fake information.
"You’re limited to just going through the menus [after restart]. What I would do is recommend that you put in bogus information. As long as you fill in all the information, you can continue," he said. "It’s very typical of trojans, asking you for your credit card and personal information, but it doesn’t allow you to do anything else."
Trojan posing as 'Microsoft piracy control' message
By Frank Washkuch on May 7, 2007 10:05AM