CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 19th, 2008

Fake Windows XP Activation Steals Credit Cards And Personal Details Including SSN

The Kardphisher Trojan, first spotted in the wild in April 2007, is malware that mimics the Windows XP activation interface while collecting the credit card details the end user submits. The new version makes significant changes to the trojan's visual interface and usability, which make it look more authentic.

When a gullible end user falls victim to this social engineering attack, the credit card details are sent automatically to an IRC channel set up specifically for that purpose. Some of the changes in the new version include a more legitimate-looking color scheme, improved restrictions that make it much harder for the end user to close the application without submitting their credit card details, built-in validation of credit cards and email, and display of the current product key to make the application look more legitimate.

Once the user enters all the validated data, the new version of the tool automatically removes itself as if the activation was successful. A bogus “verified by Visa” message will then request a social security number and a date of birth, which makes the trojan the perfect tool in the hands of identity thieves who rely on nothing more than plain, simple social engineering: impersonating Microsoft.

Systems affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP. Once executed, the Trojan creates the file keylog.dll and creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soft2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_CURRENT_USER\Software\sftc

The Trojan shuts down the compromised computer if the user does not enter their credit card numbers, and it prevents the user from running or switching to another application or Task Manager. Stolen information is sent to http://81.29.241.170/in.*******.
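A triage check for the registry indicators listed above, run over a registry export rather than a live system. This is an added example, not code from the original article: the function names and the sample export are constructed, and it assumes each name may appear either as a subkey (as the article states) or as a value under its parent key.

```python
import re

# Indicators named in the article, as (parent key, name). The article calls them
# subkeys; they may equally appear as values under the parent key (assumption).
INDICATORS = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "soft2"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr"),
    (r"HKEY_CURRENT_USER\Software", "sftc"),
]
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg_export(text):
    """Yield (key, value_name, data); value_name is None for a key header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(2)

def find_indicators(text):
    """Return (indicator path, form, data) hits; registry names are case-insensitive."""
    by_value = {(p.lower(), n.lower()): f"{p}\\{n}" for p, n in INDICATORS}
    by_key = {full.lower(): full for full in by_value.values()}
    hits = []
    for key, name, data in parse_reg_export(text):
        if name is None and key.lower() in by_key:
            hits.append((by_key[key.lower()], "subkey", None))
        elif name is not None and (key.lower(), name.lower()) in by_value:
            hits.append((by_value[(key.lower(), name.lower())], "value", data))
    return hits

# Constructed sample in .reg export format (real exports are UTF-16; open
# them with encoding="utf-16"). Paths and data are made up for the example.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Example\\updater.exe"
"soft2"="C:\\constructed\\sample.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\sftc]
'''
```

Calling `find_indicators(SAMPLE)` returns three hits: `soft2` and `DisableTaskMgr` as values and `sftc` as a subkey, while the benign `Updater` entry is ignored.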
