Trojan Virus Spoofs Windows Activation

New Trojan virus spoofs Windows activation
Posted on May 21st, 2007

Summary: New Trojan virus spoofs Windows activation and is nothing more than a well-disguised "phishing" scam.

NOTE: This alert is pertinent only for PC users running Microsoft Windows.

There is a new Trojan virus on the internet, called Kardphisher, and it could be one of the trickiest computer scams ever made. It uses the Windows XP Activation screen to make users think that their system has been activated on another computer. It then prompts them to reactivate their PC by entering some of their personal information, including their credit card number. Never give your credit card details to anyone soliciting information, even if the request appears to be from Microsoft or actually is.

If you don’t enter the credit card details, the Trojan will shut down your computer. The virus's creator even took it a step further by preventing you from running or switching to another application, which is what makes this really nasty.

The Trojan also stresses that your credit card information is only for verification purposes and will not be charged:


"We will ask for you billing details, but your credit card will not be charged."


An obvious clue that this is a scam is the improper grammar in the above sentence. It should read “ask for your billing details,” and the failure to proofread makes the scam even more obvious. I’m sure most people who are infected by the Trojan won’t even think twice about proceeding with the activation process, so try to warn friends and family about this.

Symantec has some recommendations on how to remove the Trojan for those who have been infected by it.

For more information about identity theft and phishing scams, please read:
Phishing scams
More Information about phishing

For further information about different computer hoaxes, viruses and scams, please visit the following webpage:
Email Hoaxes, SPAM, & Warnings

Information Services activates all USAO-owned computers at time of deployment. Therefore, no user intervention is ever required for activation on any USAO-owned computer.


As always, please feel free to call Information Services if you have any questions or doubts.