Top Threat: Windows Hacktivation

May 05, 2007

A clever Trojan tries to steal your credit card information by posing as the Windows activation interface.

Symantec is reporting on a Trojan horse that mimics the Windows activation interface.

What they are calling Trojan.Kardphisher doesn't do most of the technical things that Trojan horses usually do; it's a pure social engineering attack, aimed at stealing credit card information. In a sense, it's a standalone phishing program.

Once you reboot your PC after running the program, the program asks you to activate your copy of Windows and, while it assures you that you will not be charged, it asks for credit card information. If you don't enter the credit card information, it shuts down the PC. The Trojan also disables Task Manager, making it more difficult to shut down.

Running on the first reboot is clever. It inherently makes the process look more like it's coming from Windows itself, and it removes the temporal connection to running the Trojan horse. The program even runs on versions of Windows prior to XP, which did not require activation.

This is not an attack that will sneak by you. The executable is nearly 1MB in size. But if you find yourself in this situation, you should be able to disable it in Windows Safe Mode by removing the registry keys described in the Symantec writeup and deleting the program they point to. Updated antivirus software should also be able to remove it.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International
