May 5, 2007

Trojan Horse deactivates Windows

Security Company Symantec recently (Apr 26/2007) detected a Trojan sample called as Trojan.Kardphisher which could deactivates previously activated copies of Windows. Even though the threat is low it affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP. After infection, when you boot or restart your PC the window appears as shown in the image (courtesy Symantec). You can only choose only Yes or No. You can't run Task Manager or any other applications. If you choose No your PC will be shut down immediately. If you choose ‘Yes’ you'll be asked credit card details for reactivate Windows.

The Trojan is not very technical - it's really just another classic social-engineering attack. What makes it interesting is that the author has obviously taken great pains to make it appear legitimate.

For full details visit Symantec

No comments:

Post a Comment