Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Malicious schemes promising free or discounted items are effective because everyone likes a great offer. More so, if the offered item is a much-talked about product like Windows 8.

    Last year, we unraveled some fake Windows 8 generators, fake Windows 8 antivirus programs, and phishing email that surfaced right after the platform’s release. Though it’s been months since it was launched, we found out that certain bad guys are continuously using the brand to lure users into their ruse. This time, however, they are offering Windows 8 “activators” amidst news of Microsoft’s limited offer of discounted Windows 8 upgrade.

    During our research, we found several websites using Windows 8 as keywords. The first site purportedly offers free Windows 8 “activator”, which is actually fake (detected by Trend Micro as HKTL_KEYGEN).


    Figure 1. Screenshot of site offering fake Windows 8 activator

    The other site we looked into also offers free Windows 8 activator, dubbing it the “Windows 8 Activator Loader Extreme Edition 2013”.


    Figure 2. Website offering rogue Windows 8 activator

    Once installed, HKTL_KEYGEN will require users to fill out a form with certain personal details and send an SMS message to a specific number to proceed with the next steps. If this ruse sounds familiar, it’s actually the same tactic used by the fake Windows 8 generator we blogged about last year.

    Upon further investigation, we found that these sites are hosted on IPs located in Latvia or Romania. These IP addresses also host .ru sites, further sealing our suspicions. Previously, we noticed that these addresses hosted sites that peddle fake versions of popular mobile apps like Instagram and Angry Birds.

    With its improved security features and performance, Windows 8 naturally generates curiosity among users and Windows supporters. Its popularity – not to mention the chance to get one for free – is what makes ruses like this effective at tricking users into downloading malware. Thus, users should always consider these “free” offers with a grain of salt. To know more about how social engineering lures work, our Digital Life e-guide How Social Engineering Works provides a comprehensive guide.

    They say that the best things in life are free. Unfortunately, in the world of Web threats, nothing could be further from the truth. And with multiple devices to manage, users must start the year right with a more security-centered digital lifestyle.

    Trend Micro Smart Protection Network™ detects and deletes HTKL_KEYGEN if found in user’s system. It also blocks access to sites hosting these files.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    • Cromi Imcro

      Mas no site da Microsoft tinha a Avaliação do Windows 8 e e fiável, nem tudo é malware

    • vector

      i need that activator pls send me link to download it.

      • Ricky Mason

        you still need that activator?

        • vector

          Yes Please

    • Ramadan Alqatry

      THANK U

    • Basto

      Windows 7 loader/ activator works every time and its easier and faster than any other way to activate Windows 7, I have not seen a working Windows 8 loader yet, 8 is so lame it doesn’t seem like its a high priority to make a working activator for it,somebody will make one available soon enough.

    • Sasha K-S

      That’s what you get for wanting to touch some crap like Win8…


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice