Windows 7 'compatibility checker' is a Trojan

A fake email with the Trojan lifts text from a Microsoft Web site about the real software

Scammers are infecting computers with a Trojan horse program disguised as software that determines whether PCs are compatible with Windows 7.

The attack was first spotted by BitDefender on Sunday and is not yet widespread; the antivirus vendor is receiving reports of about three installs per hour from its users in the U.S. But because the scam is novel, it could end up infecting a lot of people, according to Catalin Cosoi, the head of BitDefender's Online Threats Lab. "This actually works because of the interest in Windows 7," he said.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

The scammers steal their marketing text directly from Microsoft, which offers a legitimate Windows 7 Upgrade Advisor in its Web site.

"Find out if your PC can run Windows 7," the emails read, echoing Microsoft's Web page. "This software scans your PC for potential issues with your hardware, devices, and installed programs, and recommends what to do before you upgrade."

Users who try to install the attached, zipped file end up with a back-door Trojan horse program on their computer. BitDefender identifies the program as Trojan.Generic.3783603, the same one that's being used in a fake Facebook password reset campaign.

Once a victim has installed the software, criminals can pretty much do whatever they want on the PC, Cosoi said. That could mean installing a keylogger to steal banking credentials or even gaining full access to the hacked system.

Cosoi guesses that a few thousand people have been infected by the Trojan to date, but that number will probably grow rapidly as more victims are taken in by the latest scam.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies