Scammers have moved quickly to create a phishing attack based on Microsoft's recently announced "Windows Genuine Advantage" programme, which asks users to verify the authenticity of their operating system before downloading updates.
E-mails have begun circulating that pose as information requests from Microsoft, and attempt to trick users into entering credit card information, according to Websense Security Labs. Adding to the potential confusion, Microsoft really is now asking many users to confirm the authenticity of their copies of Windows, although it isn't using unsolicited emails to do so.
The message has the header "Microsoft Windows Update", appears to come from the address "firstname.lastname@example.org" and is signed, "Windows XP Activation Team." The e-mail reads: "If you do not comply with our policy, Windows will ask you to reactivate your serial number, and it will become invalid. So you will lose any information on your computer. If you do not validate your serial number, your copy of Windows will be labelled as piracy."
Users are directed to an official-looking website, hosted in Romania, where they are asked to enter their Windows serial number and a credit card number, the credit card supposedly just needed for validation. Besides snagging the financial information, the site attempts to install spyware in the form of an Internet Explorer Browser Help Object (BHO), Websense said.
Late last month Microsoft announced it had begun requiring users in some countries to confirm the authenticity of their versions of Windows, and plans to make the programme mandatory worldwide later this year. Windows Genuine Advantage, as the programme is called, is voluntary so far for most users. Microsoft has asked eight million to take part since testing began, and so far five million have participated, the company said. Windows Genuine Advantage is part of a broader effort to reduce piracy.