Phoney Windows piracy check steals credit cards

Online criminals are using Windows registration pages as new way to fool consumers into divuling confidential information, researchers with Symantec have noticed. 

The security firm said that it has spotted a new trojan that steals credit card information by posing as an anti-piracy control for Windows XP.

The phishing trojan mimicks the behavior of Microsoft's Windows Genuine Advantage (WGA) anti-piracy software, which tracks down pirated copies of the operating system.

On startup, the trojan produces a window informing the user that their copy of Windows has been activated by another user. In order to "re-activate" Windows, the software asks the user to input a phone number, e-mail address, and credit card details.

When a user chooses not to enter the data, the trojan automatically shuts down the machine.

"Whatever the warning or message says, we must make very sure it is genuine before giving up any personal details, financial or otherwise," wrote researcher Takashi Katsuki in an article for the company's Security Response Weblog.

"It is far better to doubt a genuine request until proper verification is provided, than it is to blindly place your trust in a communiqué simply because it appears to have come from a trusted source."

This is not the first piece of malware to present itself as a Microsoft anti-piracy tool. Last summer, a instant-messaging worm presented itself to users as a WGA update. 

Ironically, privacy advocates have previously charged that WGA itself amounts to spyware because it collects system data and reports back to Microsoft without the user's permission.