MS Needs Your Credit Card Details?

Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher.The Trojan is not very technical - it's really just another classicsocial-engineering attack. What makes it interesting is that the authorhas obviously taken great pains to make it appear legitimate.

When you restart your PC after the Trojan is installed, this window appears:

You can only choose only Yes or No. You can't run Task Manager or anyother applications. If you choose No your PC will be shut downimmediately. If you choose Yes you'll see this image:

Now you may think "It can't be true. I have activated my legitimatecopy of Windows. MS can't do such a thing!". Surely almost everyonewill notice that something strange is going on, and hopefully very fewpeople will actually become victims by inputting their credit carddetails. But unfortunately even the people who are not tempted to giveup their information this time might well become victims the next time.After all, failure to follow the on-screen instructions results in yourPC shutting down immediately.

This Trojan teaches us all a good lesson - Trust No One. This is the slogan from the TV show The X-Files,and very much applies when it comes to protecting your personalinformation. Sometimes the creators of Trojans attempt to impersonateMicrosoft, a bank, or even a government organization. Whatever thewarning or message says, we must make very sure it is genuine beforegiving up any personal details, financial or otherwise. It's far betterto doubt a genuine request until proper verification is provided, thanit is to blindly place your trust in a communique simply because itappears to have come from a trusted source.

Sad though it may be, the days of leaving your front door unlocked areover. In these times we not only need a lock on the door, we need asecurity guard watching the front door, the back door, and everywherein between.

Update (5/8/07): We've recorded a movie of this threat in action. Check out the following video: