CyberInsecure.com

Daily cyber threats and internet security news alerts
November 19th, 2008

Fake Windows XP Activation Steals Credit Cards And Personal Details Including SSN

The Kardphisher Trojan, first spotted in the wild in April 2007, is malware that mimics the Windows XP activation interface while collecting the credit card details the end user submits. The new version makes significant changes to the Trojan's visual interface and usability, which make it look more authentic.

When a gullible end user falls victim to this social engineering attack, the credit card details are automatically sent to an IRC channel set up specifically for that purpose. Some of the changes in the new version include a more legitimate-looking color scheme, improved restrictions that make it much harder for the end user to close the application without submitting credit card details, built-in validation of credit cards and email, and display of the current product key to make the application look more legitimate.

Once the user enters all the validated data, the new version of the tool automatically removes itself as if the activation was successful. A bogus “verified by Visa” message will then request a social security number and a date of birth, which makes the Trojan the perfect tool in the hands of identity thieves who rely on nothing but plain social engineering: impersonating Microsoft.

Systems affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP. Once executed, the Trojan creates the file keylog.dll and the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soft2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_CURRENT_USER\Software\sft\c

The Trojan will shut down the compromised computer if the user does not enter their credit card numbers, and it prevents the user from running or switching to another application or Task Manager. Stolen information is sent to http://81.29.241.170/in.*******.
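
For triage, the registry indicators listed above can be checked against a text export of a suspect machine's registry. The following is an added example, not part of the original article: it matches each indicator either as a subkey, as the article lists it, or as a value under its parent key, which is how Run entries and the DisableTaskMgr policy are normally stored. The sample export and the function names are constructed for illustration.

```python
import re

# Indicators exactly as listed in the article (full registry paths).
INDICATORS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soft2",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
    r"HKEY_CURRENT_USER\Software\sft\c",
]

# Constructed sample in .reg export format (not taken from a real infection).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"soft2"="C:\\placeholder\\sample.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\sft\c]
'''

SECTION = re.compile(r"^\[(.+)\]$")                      # [KEY\PATH]
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')  # "name"=data or @=data

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current[(m.group(1) or "@").lower()] = m.group(2)
    return keys

def find_indicators(text, indicators=INDICATORS):
    """Report each indicator found as a subkey or as a value of its parent key."""
    keys = parse_reg(text)
    hits = []
    for ind in indicators:
        low = ind.lower()  # registry paths and value names are case-insensitive
        parent, _, leaf = low.rpartition("\\")
        if low in keys:
            hits.append((ind, "subkey", None))
        if leaf in keys.get(parent, {}):
            hits.append((ind, "value", keys[parent][leaf]))
    return hits
```

DisableTaskMgr can also be set by an administrator's policy, so the returned data and the other two indicators should be weighed together before concluding a machine is infected.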
