The Latest in IT Security

Fake Windows 8 Key Generators Surface

28 Nov 2012

Because of its promise of improved features and security, Windows 8 is naturally making waves in the tech industry and among ardent Windows users. Unfortunately, we are all too aware of the pitfalls of popularity when it comes to online security. It’s just a matter of time before cybercriminals take advantage of Windows 8’s popularity.

We got hold of two samples that are packaged as key generator apps for Windows 8, which are available on http://{BLOCKED}en2eqqh2.cloudfront.net. Key generators are used to generate serial numbers and are typically used for bootleg copies of paid software. Based on our analysis, the apps we’ve found are malicious. Trend Micro detects these as ADW_SOLIMBA and JOKE_ARCHSMS, respectively.

When executed, ADW_SOLIMBA displays a fake message telling users to click ‘OK’ to download Windows 8 via the web browser. JOKE_ARCHSMS, on the other hand, purports to be a Windows 8 activator. Similar to ADW_SOLIMBA, JOKE_ARCHSMS displays images to trick users into thinking that they can activate Windows once they have sent an SMS to a certain number. It also connects to the following URLs for click fraud:

  • http://{BLOCKED}rchant.net/api/open.php?aid=2102499&v
  • http://{BLOCKED}rchant.net/50qjpr21e2bd/2102499/

When translated, the first window reads as:

Select the installation path:
To start the installation “Windows 8 Activator 2011” click “Install”
Install

For the second window:

Installation successful
To generate a personal code, go free activation!
(Protection from automatic activation)
Country:
operator:
SMS with text:
on number:
Enter your activation code:

The people behind this malware are hoping to ride on Windows 8’s popularity and some users’ eagerness to try out the software. So far, using new programs, software, or apps as a social engineering lure has been an effective vehicle for attacks. Remember the malicious Instagram apps that surfaced just as news of Facebook’s acquisition of the app broke out? Similarly, malicious versions of Bad Piggies and Angry Birds Space were uncovered in time for these apps’ release.

Cybercriminals and other bad guys on the Internet know what users want and they’ll use it to their advantage. Users can never be too careful about what to download and from what sites. These samples may not be the only malicious key generator tools available on the Internet. For security purposes, users must avoid visiting or downloading from untrusted sources. Better yet, users should instead purchase the legitimate program.

Trend Micro Smart Protection Network™ protects users from this threat by detecting and deleting these malicious keygen apps. It also blocks access to the related site.
