Microsoft Confirms the Windows Activation Trojan Horse

Video demonstration

By Marius Oiaga, Technology News Editor

12th of May 2007, 12:58 GMT

Microsoft has confirmed Symantec's reports that a Windows product activation Trojan horse is spreading. The malicious code, identified by the Cupertino-based company as Trojan.Kardphisher, is designed to attack Windows XP users by masquerading as Microsoft's Windows Genuine Advantage tool.

According to Symantec, the malicious code in itself is only a minor threat, but the problem resides in the fact that the Trojan asks users to enter their credit card credentials. The social engineering aspect of this attack is quite well thought out and put together, as you will be able to see from the video embedded at the bottom, courtesy of Symantec.

"While not a technically sophisticated approach, this Trojan relies on a social engineering tactic to trick consumers into providing credit card and other personal data. Because of situations like this Microsoft recommends that people be very cautious about revealing personal and financial information online," revealed Alex Kochis, senior licensing manager on the WGA team.

Symantec's Takashi Katsuki posted the following instructions detailing the process users need to undertake to remove Trojan.Kardphisher:

1. Reboot the infected machine. You can do that by simply clicking the "No" and "Next" buttons, or by doing a good old-fashioned hard reboot.
2. While Windows is starting, press the function 8 key (F8 key) to enter Safe Mode.
3. Click Start > Run.
4. Type regedit
5. Click OK.
6. Navigate to and delete these subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soft2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (If it exists)
7. Exit the Registry Editor.
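
The check behind step 6 can also be scripted. The following is an added example, not part of Symantec's instructions or the original article: a PowerShell sketch that reports whether the two entries exist and previews their removal without changing anything. It assumes PowerShell 3.0 or later in an elevated session; the function name Test-RegistryIndicator is hypothetical, and because Run entries and policy flags are normally stored as values, each name is tested both as a subkey and as a value.

```powershell
# Added example: audit the two registry locations named in step 6.
# Assumptions: PowerShell 3.0+, elevated session, hypothetical function name.
$indicators = @(
    @{ Parent = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';             Name = 'soft2' },
    @{ Parent = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' }
)

function Test-RegistryIndicator {
    param([string]$Parent, [string]$Name)

    $result = [pscustomobject]@{
        Parent = $Parent
        Name   = $Name
        Kind   = 'absent'   # absent | subkey | value
        Data   = $null
    }
    # The parent key itself may be missing (Policies\System often is).
    if (-not (Test-Path -LiteralPath $Parent)) { return $result }

    # Case 1: the name exists as a subkey of the parent key.
    if (Test-Path -LiteralPath (Join-Path $Parent $Name)) {
        $result.Kind = 'subkey'
        return $result
    }
    # Case 2: the name exists as a value stored in the parent key.
    $key = Get-Item -LiteralPath $Parent
    if ($key.GetValueNames() -contains $Name) {
        $result.Kind = 'value'
        $result.Data = $key.GetValue($Name)
    }
    return $result
}

$findings = foreach ($i in $indicators) { Test-RegistryIndicator @i }
$findings | Format-Table -AutoSize

# Preview the deletion from step 6. -WhatIf prints the action and changes nothing;
# drop it only after reviewing the findings above.
foreach ($f in $findings) {
    switch ($f.Kind) {
        'value'  { Remove-ItemProperty -LiteralPath $f.Parent -Name $f.Name -WhatIf }
        'subkey' { Remove-Item -LiteralPath (Join-Path $f.Parent $f.Name) -Recurse -WhatIf }
    }
}
```

The Data column shows what the soft2 entry launches at startup, which is worth recording before anything is deleted.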

Users can also enter fake information in order to access their computer. You will be able to enter virtually any combination of letters and numbers for the email address, phone number, expiration date, credit card number, CVV2 code, ATM PIN and name on card, as long as they resemble genuine ones. Next, make your way to this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soft2.

