What's worse than having to re-activate Windows XP? How about a fake re-activation that steals your credit card information! Takashi Katsuki, a Symantec researcher has posted a note about a rather devious Trojan that they're calling Kardphisher. It's no great shakes technically, but it has a very convincing appearance.
When you reboot an infested system you get a highly realistic-looking warning from "Microsoft Piracy Control". It states that someone else has used your activation code; to prove you're the legitimate owner you must re-activate and provide a credit card number. If you click "No, I will do it later", then boom! The system shuts down. But if you proceed you'll get another very realistic form asking for billing information. It even asks for the code printed on the back of your credit card. Suppose you do get suspicious and decide not to activate - your computer shuts down. Nasty!
According to Symantec, if you've kept your Norton AntiVirus definitions up to date you're not at risk. But if you do find this Trojan has weaseled onto your system, I'm not sure yet what you can do about it. Symantec's detailed removal instructions all involve performing specific tasks at your computer. If you can't start it up, you can't follow those instructions. I'm guessing that you can get away with entering fake billing information just so you can get access to the computer. But I'm not sure! Final advice from Katsuki - follow Fox Mulder's maxim and Trust No One. (Cue the X-Files theme...).
No comments:
Post a Comment