Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher. The Trojan is not very technical - it's really just another classic social-engineering attack. What makes it interesting is that the author has obviously taken great pains to make it appear legitimate.
How legitimate? Look at the screenshot:
The trojan runs on startup and pretend to be a Windows Activation dialog. Note how it asks for name, address, credit card number, expiry date and even ATM PIN!
So, beware. Windows Activation does not ask for this information. Also it offers the option to activate over the phone. If you are in doubt and the machine has been activated before, run an anti-virus!
Other related posts:
Windows 8 Mail app not hyperlinking emails
Are we seeing the death of Windows RT?
Windows 8 Consumer Preview
comments powered by Disqus