[gui-talk] Fwd: New Trojan Horse Warning

Joel Deutsch jdeutsch at dslextreme.com
Wed May 9 09:54:47 CDT 2007


Yo Ray,
Just got up and having enough trouble just opening the morning's first 
emails and trying to understand. Did you check snopes and urban legends, 
too? If you didn't, I might do that when I wake up a little more.

From: "Ray Foret Jr." <rforetjr at bellsouth.net>
To: "NFBnet GUI Talk Mailing List" <gui-talk at nfbnet.org>
Sent: Wednesday, May 09, 2007 12:04 AM
Subject: Re: [gui-talk] Fwd: New Trojan Horse Warning


Joel,

    For once, we agree.  I sent another message telling exactly why.
Frankly, this is beginning to look a little suspicious to me.

Nothing against Steve, mind you.  But, as I say in another message, I've
done some looking around and found only ambiguous articles and nothing
specific on either:
www.grisoft.com
or:
www.symantec.com
IF this were legitimate, I would surely have found something in the half
hour I spent looking, don't you think?

Sincerely yours,
The Constantly Barefooted,
Ray
Home phone and fax:
(985)853-0139
E-mail:
rforetjr at bellsouth.net
Skype Name:
barefootedray
Blog:
www.raysworld.blogs.com
Podcast .rss Feed:
http://feeds.feedburner.com/worldofray

God bless President George W. Bush!
God bless our troops!
and God bless America
----- Original Message ----- 
From: "Joel Deutsch" <jdeutsch at dslextreme.com>
To: "NFBnet GUI Talk Mailing List" <gui-talk at nfbnet.org>
Sent: Tuesday, May 08, 2007 10:31 PM
Subject: Re: [gui-talk] Fwd: New Trojan Horse Warning


Steve,

The one thing I wish were explained in this story is exactly how the Trojan
appears as received, and how to simply avoid it. If it's being circulated as
a file attachment, what's the filename, so you can just choose not to open
it? Or if it's an email with a response request, what's the subject line?

Anyone know? It would be nice to feel assured that I could just dodge the
thing, rather than have to figure out a workaround after getting stuck in
it.

Thanks.
----- Original Message ----- 
From: "Steve Pattison" <srp at internode.on.net>
To: "GUI Talk" <gui-talk at nfbnet.org>; "Access-L" <access-l at access-l.com>
Sent: Tuesday, May 08, 2007 7:52 PM
Subject: [gui-talk] Fwd: New Trojan Horse Warning


From: Parker at Vip conduit Vipcomm at mchsi.com
To: VIP Announce List VIP-Announce at googlegroups.com
New Trojan Horse Impersonates Windows Reactivation Message
Barry Levine, Mon May 7, 2:04 PM ET

A new Trojan Horse is making the rounds, impersonating Windows reactivation
and antipiracy messages with the goal of duping users into divulging their
credit card information.

According to computer security firm Symantec, the Trojan, dubbed
Trojan.Kardphisher, creates a Windows look-alike screen, headlined
"Microsoft piracy control," and indicates that the copy of Windows was
activated by another user and needs to be reactivated.

"To help reduce software piracy, please reactivate your copy of Windows
now," it instructs. "You must activate Windows before you can continue to
use it." The user is given two choices: reactivating Windows over the
Internet immediately or doing it later. No other applications can be run,
and Task Manager cannot be launched to force-quit the Trojan. Yes or No? If
reactivation is deferred, the system is shut down. And if users proceed with
the fake reactivation, a second screen appears, requesting private
information that includes location, contact information, a credit card
number, the card's expiration date and three-digit security number, and even
an ATM PIN.

The Trojan informs the user that the credit card information will not be
charged. But, once entered, the information is sent to the fraud's
perpetrators to use as they wish. The initial screen even references an
actual Microsoft antipiracy site: microsoft.com/piracy.

Symantec said that the Trojan affects , , Windows Server 2003, and even
earlier versions of Windows, including 95, 98, and NT.

Sometimes, Windows does indeed require reactivation, such as after
substantial hardware upgrades, but Microsoft does not ask for financial
information. The Trojan's request for reactivation and its close resemblance
to actual Windows screens make it a potentially effective attack against
some users, Symantec said.

While Symantec has posted detailed instructions on how to remove the Trojan,
some observers have noted that fake information can be entered to "activate"
an infected Windows machine when prompted, so that the Trojan could then be
removed.

Trust No One

"This Trojan teaches us all a good lesson -- Trust No One," wrote Symantec's
Takashi Katsuki on the company's blog. "Sometimes the creators of Trojans
attempt to impersonate Microsoft, a bank, or even a government organization.
Whatever the warning or message says, we must make very sure it is genuine
before giving up any personal details, financial or otherwise." It is far
better to doubt a genuine request until proper verification is provided,
Katsuki went on to say, than it is to blindly place your trust in a message
simply because it appears to have come from a trusted source.

"Sad though it may be," Katsuki wrote, "the days of leaving your front door
unlocked are over. In these times, we not only need a lock on the door, we
need a security guard watching the front door, the back door, and everywhere
in between."

Created on ... May 08, 2007
Regards Steve
Email: srp at internode.on.net
Skype: steve1963
MSN Messenger: internetuser383 at hotmail.com



--------------------------------------------------------------------------------


_______________________________________________
gui-talk mailing list
gui-talk at nfbnet.org
http://www.nfbnet.org/mailman/listinfo/gui-talk



--------------------------------------------------------------------------------


No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.467 / Virus Database: 269.6.6/794 - Release Date: 5/8/2007 2:23
PM
