No Reduced Functionality Mode for Windows Vista

May 7, 2007 10:23 GMT

At the end of last week, security company Symantec issued a public warning about Trojan.Kardphisher, a Trojan horse that deactivates genuine and activated copies of Windows. According to Symantec, the malicious program can successfully compromise a range of Windows platforms, including Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. However, Microsoft's latest operating system, Windows Vista, is not reported to be affected by the Trojan.

Trojan.Kardphisher was identified on April 26, 2007, and the virus definitions, along with information pertaining to the Trojan horse, were updated as of April 27. "Once executed, the Trojan creates the following file: [PATH TO THE TROJAN]\keylog.dll. The Trojan creates the following registry subkeys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soft2 and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr," Symantec reported.
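A check for the two registry locations in the Symantec quote above, written as an added example that is not part of the original article or of Symantec's write-up. It assumes the quoted locations are standard backslash-separated registry paths and that the input is the already-decoded text of a `reg export` file; the sample export and its data values are constructed.

```python
import re

# Registry locations named in the Symantec quote. The quote calls both
# "subkeys"; each is matched either as a value under the parent key or as a
# subkey of it, since the article does not say which form is used (assumption).
INDICATORS = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "soft2"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr"),
]

def parse_reg(text):
    """Parse `reg export` style text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def find_indicators(keys):
    """Return (key, name, data) per indicator found; registry names are case-insensitive."""
    lowered = {k.lower(): v for k, v in keys.items()}
    hits = []
    for key, name in INDICATORS:
        values = {n.lower(): d for n, d in lowered.get(key.lower(), {}).items()}
        if name.lower() in values:
            hits.append((key, name, values[name.lower()]))
        elif (key + "\\" + name).lower() in lowered:
            hits.append((key, name, None))  # present as a subkey, no value data
    return hits

# Constructed sample export; every data value below is invented for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Soft2"="C:\\constructed\\path\\sample.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"disabletaskmgr"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, data in find_indicators(parse_reg(SAMPLE)):
        print(f"{key}\\{name} -> {data}")
```

A hit on `DisableTaskMgr` alone is not specific to this Trojan, since administrators can set the same policy deliberately; it is the combination with the `soft2` autorun entry that matches the quoted description.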

Trojan.Kardphisher masquerades as a legitimate activation program from Microsoft, imitating the behavior of the Windows Genuine Advantage mechanism. However, Trojan.Kardphisher's actual purpose is to serve as part of a social engineering scheme designed to steal confidential credit card data from Windows users. Since the initial reports of the malicious code, the situation has remained virtually unchanged, with Windows Vista users still not affected by it.

"This Trojan teaches us all a good lesson - Trust No One. Sometimes the creators of Trojans attempt to impersonate Microsoft, a bank, or even a government organization. Whatever the warning or message says, we must make very sure it is genuine before giving up any personal details, financial or otherwise. It's far better to doubt a genuine request until proper verification is provided, than it is to blindly place your trust in a communique simply because it appears to have come from a trusted source," commented Takashi Katsuki, Symantec Security Response Engineer.