[gui-talk] Fwd: New Trojan Horse Warning
Steve Jacobson
steve.jacobson at visi.com
Wed May 9 09:39:12 CDT 2007
I am also having trouble finding any specific information about this Trojan horse having not looked when I replied to Joel's message. I find it a little unusual that the note mentions Symantec but Ray doesn't find a reference there. Being on Kim Komando doesn't help much unless we know exactly what was said.
I think people need to learn that you generally should never trust an unsolicited invitation to visit a web site or an attachment, even from a friend, unless that friend has specifically said it was being sent. In my opinion, there are multiple problems with these announcements. First, they are usually a hoax that causes confusion. Second, circulating specific announcements like this undercuts the point that there really is no need to consider whether such solicitations are true or not. One needs to always resist opening an unsolicited link or attachment, pure and simple. Third, they cause lots of lists like this to spend time on what is really off topic.
Now, maybe we should debate whether an inaccessible Trojan horse violates any laws. <smile>
On Wed, 9 May 2007 10:12:07 -0400, Don Moore wrote:
>It was on Kim Komando.
>----- Original Message -----
>From: "Ray Foret Jr." <rforetjr at bellsouth.net>
>To: "NFBnet GUI Talk Mailing List" <gui-talk at nfbnet.org>
>Sent: Wednesday, May 09, 2007 3:02 AM
>Subject: Re: [gui-talk] Fwd: New Trojan Horse Warning
>I found absolutely nothing about this matter on:
>www.grisoft.com
>or
>www.symantec.com
>or anywhere else I looked. None of the latest threats appear to contain the factors shown in this message. I am, in consequence, beginning to believe this may be a hoax. None of the articles I found when I googled "New Trojan Horse Impersonates Windows Reactivation Message" had enough specificity to satisfy me as to several details. IF a threat is real, any legitimate article would have contained some advice or procedure for removing it; no matter how difficult. There was no such help in anything I saw. This made me suspicious. Add to this the fact that none of the latest threats, nor those going back to May fourth (when this was supposedly discovered) have or contain any hint of the warning about a Windows Reactivation message. Therefore, I have some reason I think to question its legitimacy.
>Sincerely yours,
>The Constantly Barefooted,
>Ray
>Home phone and fax:
>(985)853-0139
>E-mail:
>rforetjr at bellsouth.net
>Skype Name:
>barefootedray
>Blog:
>www.raysworld.blogs.com
>Podcast .rss Feed:
>http://feeds.feedburner.com/worldofray
>God bless President George W. Bush!
>God bless our troops!
>and God bless America
>----- Original Message -----
>From: "Steve Pattison" <srp at internode.on.net>
>To: "GUI Talk" <gui-talk at nfbnet.org>; "Access-L" <access-l at access-l.com>
>Sent: Tuesday, May 08, 2007 9:52 PM
>Subject: [gui-talk] Fwd: New Trojan Horse Warning
>From: Parker at Vip conduit Vipcomm at mchsi.com
>To: VIP Announce List VIP-Announce at googlegroups.com
>New Trojan Horse Impersonates Windows Reactivation Message
>Barry Levine, Mon May 7, 2:04 PM ET
>A new Trojan Horse is making the rounds, impersonating Windows reactivation and antipiracy messages with the goal of duping users into divulging their credit card information.
>According to computer security firm Symantec, the Trojan, dubbed Trojan.Kardphisher, creates a Windows look-alike screen, headlined "Microsoft piracy control," and indicates that the copy of Windows was activated by another user and needs to be reactivated.
>"To help reduce software piracy, please reactivate your copy of Windows now," it instructs. "You must activate Windows before you can continue to use it." The user is given two choices: reactivating Windows over the Internet immediately or doing it later. No other applications can be run, and Task Manager cannot be launched to force-quit the Trojan. Yes or No? If reactivation is deferred, the system is shut down. And if users proceed with the fake reactivation, a second screen appears, requesting private information that includes location, contact information, a credit card number, the card's expiration date and three-digit security number, and even an ATM PIN.
>The Trojan informs the user that the credit card information will not be charged. But, once entered, the information is sent to the fraud's perpetrators to use as they wish. The initial screen even references an actual Microsoft antipiracy site: microsoft.com/piracy.
>Symantec said that the Trojan affects , , Windows Server 2003, and even earlier versions of Windows, including 95, 98, and NT.
>Sometimes, Windows does indeed require reactivation, such as after substantial hardware upgrades, but Microsoft does not ask for financial information. The Trojan's request for reactivation and its close resemblance to actual Windows screens make it a potentially effective attack against some users, Symantec said.
>While Symantec has posted detailed instructions on how to remove the Trojan, some observers have noted that fake information can be entered to "activate" an infected Windows machine when prompted, so that the Trojan could then be removed.
>Trust No One
>"This Trojan teaches us all a good lesson -- Trust No One," wrote Symantec's Takashi Katsuki on the company's blog. "Sometimes the creators of Trojans attempt to impersonate Microsoft, a bank, or even a government organization. Whatever the warning or message says, we must make very sure it is genuine before giving up any personal details, financial or otherwise." It is far better to doubt a genuine request until proper verification is provided, Katsuki went on to say, than it is to blindly place your trust in a message simply because it appears to have come from a trusted source.
>"Sad though it may be," Katsuki wrote, "the days of leaving your front door unlocked are over. In these times, we not only need a lock on the door, we need a security guard watching the front door, the back door, and everywhere in between."
>Created on ... May 08, 2007
>Regards Steve
>Email: srp at internode.on.net
>Skype: steve1963
>MSN Messenger: internetuser383 at hotmail.com
>--------------------------------------------------------------------------------
>_______________________________________________
>gui-talk mailing list
>gui-talk at nfbnet.org
>http://www.nfbnet.org/mailman/listinfo/gui-talk