Windows Genuine Advantage is the target of a new Trojan, which pretends to be Microsoft's activation mechanism.
Symantec issued a bulletin in late April on the Kardphisher Trojan, which has a threat rating of "very low." But the Trojan picked up new attention over the weekend, following a Friday post on Symantec's security Weblog.
The Trojan takes advantage of one controversial feature of Microsoft's Windows Genuine Advantage anti-piracy mechanism: revalidation. To receive most downloads, including Internet Explorer or anything from the Windows Update Web site, end users must validate that their computers are, in Microsoft parlance, "genuine." But one validation isn't enough. Microsoft has Windows clients periodically revalidate. The process is designed to catch new pirated versions as Microsoft continually updates its piracy database.
|