Skip to comments.Phoney Windows piracy check steals credit cards; New attack attempts to spoof WGA
Posted on 05/07/2007 7:17:40 PM PDT by holymoly
Online criminals are using Windows registration pages as new way to fool consumers into divugling confidential information, researchers with Symantec have noticed.
The security firm said that it has spotted a new trojan that steals credit card information by posing as an anti-piracy control for Windows XP.
The phishing trojan mimicks the behavior of Microsoft's Windows Genuine Advantage (WGA) anti-piracy software, which tracks down pirated copies of the operating system.
On startup, the trojan produces a window informing the user that their copy of Windows has been activated by another user. In order to "re-activate" Windows, the software asks the user to input a phone number, e-mail address, and credit card details.
When a user chooses not to enter the data, the trojan automatically shuts down the machine.
"Whatever the warning or message says, we must make very sure it is genuine before giving up any personal details, financial or otherwise," wrote researcher Takashi Katsuki in an article for the company's Security Response Weblog.
"It is far better to doubt a genuine request until proper verification is provided, than it is to blindly place your trust in a communiqué simply because it appears to have come from a trusted source."
This is not the first piece of malware to present itself as a Microsoft anti-piracy tool. Last summer, a instant-messaging worm presented itself to users as a WGA update.
Ironically, privacy advocates have previously charged that WGA itself amounts to spyware because it collects system data and reports back to Microsoft without the user's permission.
Are they sure that it really isn’t just a ‘feature’ of the Microsoft software?
>> Are they sure that it really isnt just a feature of the Microsoft software?
Sure, kid. Whydayathink they call it “Genuine Advantage”?
But seriously... it was just a matter of time before WGA was exploited.
I wonder how they make it happen upon startup? DNA spoof? Precursor virus or trojan?
now THAT is FUNNY!!!!
(Whew! According to thsi valuable tool *they* don’t have any of my credit cards!)
After dealing with Microsoft support and WGA validation day after day, I’m not sure who is the bigger threat; Microsoft or hackers. It’s a toss up.
Get rid of that nagging WGA
"Show me just what Mohammed brought that was new, and there you will find things only evil and inhuman, such as his command to spread by the sword the faith he preached." - Manuel II Palelologus
Long before the internet, but not bbs's.
Bump so I can find this thread tomorrow.
THAT is hysterical! Love it! :)
Drummie, mayhap you know someone who has internet paranoia... ;o)
This plays into the fact that Microsoft has gone to the trouble to distribute the application WGA, an application which is looking for piracy. Now a user (who has likely seen WGA mentioned a few times even if it is not installed) is being told, aha, there is a problem with piracy (something like one might expect from WGA) and in order to verify the user's identity as a legitimate user of Microsoft Windows, enter some identifying information.
My guess is that this is clever enough to fool a number of people.