Tran Thi Thanh, Binh (Ms.)
Country SMB & Channel Manager
Tel: +84-437186424 | Mobile: +84-918305821
Taipei, Taiwan - Feb.4, 2013 Trend Micro (TYO:4704; TSE:4704) warned users to be careful about malicious schemes that promise free or discounted items that are too good to be true. Those schemes are effective because everyone likes a great offer. Especially when the offered item is a much-talked-about product like Windows 8, it’s even more attractive.
Last year, Trend Micro unraveled some fake Windows 8 generators that surfaced right after the platform’s release. However, cybercriminals are continuously using the brand to lure users into their ruse. This time the offer becomes "Windows 8 activators”, which comes amidst the news of Microsoft’s limited offer of a discounted Windows 8 upgrade.
Figure 1. Screenshot of site offering fake Windows 8 activator
Figure 2. Website offering rogue Windows 8 activator
"During our research, we found several websites using ‘Windows 8’ as keywords. The first site purportedly offers a free Windows 8 ‘activator’, which is actually fake, while another one is calls itself ’Windows 8 Activator Loader Extreme Edition 2013’,” said Paul Oliveria, research of Trend Labs. Trend Micro Smart Protection Network™ detects this activators as HKTL_KEYGEN.
Using the same tactic of the previous fake Windows 8 generator, HKTL_KEYGEN require users to enter their personal details and send a SMS message to proceed to the next step of the supposed installation process. Upon further investigation, Trend Micro found these sites were hosted on IPs located in Latvia or Romania. "These IP addresses also host .ru sites, which further sealed our suspicions, since we noticed that these addresses previously hosted sites that peddled fake versions of popular mobile apps like Instagram and Angry Birds.” Paul explained. The popularity of Windows 8 and the chance to get one for free makes HTKL_KEYGEN effective at tricking users into downloading malware. Trend Micro strongly suggests users to be aware of these free offers. Trend Micro Smart Protection Network™ detects HTKL_KEYGEN and deletes it right away. It also blocks access to sites hosting these files.
About Trend Micro
Trend Micro Incorporated (TYO:4704; TSE:4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ of experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stop new threats faster, and protect data in the physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud security infrastructure, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.
Additional information about Trend Micro Incorporated and the products and its services are available at Trend Micro.com This Trend Micro news release and other announcements are available at http://trendmicro.mediaroom.com/ and as part of an RSS feed at www.trendmicro.com/rss You can also follow our news on Twitter at @TrendMicro.