    Because of its promise of improved features and security, Windows 8 is naturally making waves in the tech industry and among ardent Windows users. Unfortunately, we are all too aware of the pitfalls of popularity when it comes to online security. It’s just a matter of time before cybercriminals take advantage of Windows 8’s popularity.

    We got hold of two samples that are packaged as key generator apps for Windows 8, which are available on http://{BLOCKED}en2eqqh2.cloudfront.net. Key generators are used to generate serial numbers and are typically used for bootleg copies of paid software. Based on our analysis, the apps we’ve found are malicious. Trend Micro detects these as ADW_SOLIMBA and JOKE_ARCHSMS respectively.

    When executed, ADW_SOLIMBA displays a fake message telling users to click ‘OK’ to download Windows 8 via the web browser. JOKE_ARCHSMS, on the other hand, purports to be a Windows 8 activator. Similar to ADW_SOLIMBA, JOKE_ARCHSMS also displays images to trick users into thinking that they can activate Windows once they have sent an SMS to a certain number. In addition, it connects to the following URLs for click fraud:

    • http://{BLOCKED}rchant.net/api/open.php?aid=2102499&v
    • http://{BLOCKED}rchant.net/50qjpr21e2bd/2102499/

    When translated, the first window reads as:

    Select the installation path:
    To start the installation “Windows 8 Activator 2011” click “Install”
    Install

    For the second window:

    Installation successful
    To generate a personal code, go free activation!
    (Protection from automatic activation)
    Country:
    operator:
    SMS with text:
    on number:
    Enter your activation code:

    The people behind this malware are hoping to ride on Windows 8’s popularity and some users’ eagerness to try out the software. So far, using new programs, software, or apps as a social engineering lure has been an effective vehicle for attacks. Remember the malicious Instagram apps that surfaced just as news of Facebook’s acquisition of the app broke out? Similarly, malicious versions of Bad Piggies and Angry Birds Space were uncovered in time for these apps’ release.

    Cybercriminals and other bad guys on the Internet know what users want and they’ll use it to their advantage. Users can never be too careful about what to download and from what sites. These samples may not be the only malicious key generator tools available on the Internet. For security purposes, users must avoid visiting or downloading from untrusted sources. Better yet, users should instead purchase the legitimate program.

    Trend Micro Smart Protection Network™ protects users from this threat by detecting and deleting these malicious keygen apps. It also blocks access to the related site.

    Update as of November 2, 2012 9:58 AM PST

    JOKE_ARCHSMS has been renamed to TROJ_ARCHSMS.B while ADW_SOLIMBA has been renamed to TROJ_DLOADR.AAD.




