Top Threat: Windows Hacktivation

May 5, 2007

A clever Trojan tries to steal your credit card information by posing as the Windows activation interface.

Symantec is reporting on a Trojan horse that mimics the Windows activation interface.

What they are calling Trojan.Kardphisher doesn't do most of the technical things that Trojan horses usually do; it's a pure social engineering attack, aimed at stealing credit card information. In a sense, it's a standalone phishing program.

Once you reboot your PC after running the program, it asks you to activate your copy of Windows and, while it assures you that you will not be charged, it asks for credit card information. If you don't enter the credit card information, it shuts down the PC. The Trojan also disables Task Manager, making it more difficult to shut down.

Running on the first reboot is clever. It inherently makes the process look more like it's coming from Windows itself, and it removes the temporal connection to running the Trojan horse. The program even runs on versions of Windows prior to XP, which did not require activation.

This is not an attack that will sneak by you. The executable is nearly 1MB in size. But if you find yourself in this situation, you should be able to disable it in Windows Safe Mode by removing the registry keys described in the Symantec writeup and deleting the program they point to. Updated antivirus software should also be able to remove it.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

