Scammers are infecting computers with a Trojan horse program disguised as software that determines whether PCs are compatible with Windows 7.
The attack was first spotted by BitDefender on Sunday and is not yet widespread; the antivirus vendor is receiving reports of about three installs per hour from its users in the U.S. But because the scam is novel, it could end up infecting a lot of people, according to Catalin Cosoi, the head of BitDefender's Online Threats Lab. "This actually works because of the interest in Windows 7," he said.
The scammers steal their marketing text directly from Microsoft, which offers a legitimate Windows 7 Upgrade Advisor in its website.
"Find out if your PC can run Windows 7," the emails read, echoing Microsoft's web page. "This software scans your PC for potential issues with your hardware, devices, and installed programs, and recommends what to do before you upgrade."
Users who try to install the attached, zipped file end up with a back-door Trojan horse program on their computer. BitDefender identifies the program as Trojan.Generic.3783603, the same one that's being used in a fake Facebook password reset campaign.
Once a victim has installed the software, criminals can pretty much do whatever they want on the PC, Cosoi said. That could mean installing a keylogger to steal banking credentials or even gaining full access to the hacked system.
Cosoi guesses that a few thousand people have been infected by the Trojan to date, but that number will probably grow rapidly as more victims are taken in by the latest scam.