Geeks With Blogs

News Clicky Web Analytics

web stats View David Caddick ('s profile on LinkedIn

Search this Site!

Locations of visitors to this page
View My Stats eXTReMe Tracker
This posting is provided "AS IS" with no warranties, and confers no rights. The opinions expressed within are my own and should not be attributed to any other Individual, Company or the one I work for. I just happen to be a classic techie who is passionate about getting things to work as they should do (and are sometimes advertised and marketed as being able to?) and when I can I drop notes here to help others falling in to the same traps that I have fallen in to. If this has helped then please pass it on - if you feel that I have commented in error or disagree then please feel free to discuss with me either publically or privately? Cheers, Dave
Thin Clients, VDI and Linux integration from the front lines.... Raw and sometimes unedited notes based on my experiences with VMware, Thin Clients, Linux etc.

I was just reading this in PC Mag here in the US - It should never be overstated - ALWAYS question whether or not you really do need to enter something like your credit card details - OR - any other personal details for that matter, it's a Jungle out there.....!!

MS Needs Your Credit Card Details?

Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher. The Trojan is not very technical - it's really just another classic social-engineering attack. What makes it interesting is that the author has obviously taken great pains to make it appear legitimate.

When you restart your PC after the Trojan is installed, this window appears:

You can only choose only Yes or No. You can't run Task Manager or any other applications. If you choose No your PC will be shut down immediately. If you choose Yes you'll see this image:

Now you may think "It can't be true. I have activated my legitimate copy of Windows. MS can't do such a thing!". Surely almost everyone will notice that something strange is going on, and hopefully very few people will actually become victims by inputting their credit card details. But unfortunately even the people who are not tempted to give up their information this time might well become victims the next time. After all, failure to follow the on-screen instructions results in your PC shutting down immediately.

This Trojan teaches us all a good lesson - Trust No One. This is the slogan from the TV show The X-Files, and very much applies when it comes to protecting your personal information. Sometimes the creators of Trojans attempt to impersonate Microsoft, a bank, or even a government organization. Whatever the warning or message says, we must make very sure it is genuine before giving up any personal details, financial or otherwise. It's far better to doubt a genuine request until proper verification is provided, than it is to blindly place your trust in a communique simply because it appears to have come from a trusted source.

Sad though it may be, the days of leaving your front door unlocked are over. In these times we not only need a lock on the door, we need a security guard watching the front door, the back door, and everywhere in between.

Update (5/8/07): We've recorded a movie of this threat in action. Check out the following video:

Posted by Takashi Katsuki on May 4, 2007 05:00 AM
Posted on Sunday, July 8, 2007 8:45 PM Microsoft Tips , Security | Back to top

Comments on this post: Windows Hactivation? MS Needs Your Credit Card Details? nice little phising expedition this to catch the unwary?

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Dave Caddick | Powered by: