Source: Symantec Corp.
Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher. The Trojan is not very technical – it’s really just another classic social-engineering attack. What makes it interesting is that the author has obviously taken great pains to make it appear legitimate.
When you restart your PC after the Trojan is installed, this window appears:
You can choose only Yes or No. You can’t run Task Manager or any other applications. If you choose No, your PC will be shut down immediately. If you choose Yes, you’ll see this image:
Now you may think, “It can’t be true. I have activated my legitimate copy of Windows. MS can’t do such a thing!” Surely almost everyone will notice that something strange is going on, and hopefully very few people will actually become victims by inputting their credit card details. But unfortunately, even the people who are not tempted to give up their information this time might well become victims the next time. After all, failure to follow the on-screen instructions results in your PC shutting down immediately.
This Trojan teaches us all a good lesson – Trust No One. This is the slogan from the TV show The X-Files, and very much applies when it comes to protecting your personal information. Sometimes the creators of Trojans attempt to impersonate Microsoft, a bank, or even a government organization. Whatever the warning or message says, we must make very sure it is genuine before giving up any personal details, financial or otherwise. It’s far better to doubt a genuine request until proper verification is provided, than it is to blindly place your trust in a communique simply because it appears to have come from a trusted source.
Sad though it may be, the days of leaving your front door unlocked are over. In these times we not only need a lock on the door, we need a security guard watching the front door, the back door, and everywhere in between.