Malicious schemes promising free or discounted items are effective because everyone likes a great offer, all the more so if the offered item is a much-talked-about product like Windows 8. Last year, we unraveled some fake Windows 8 generators, fake Windows 8 antivirus programs, and phishing email that surfaced right after the platform’s release. Though it’s been months since it was launched, we found that certain bad guys are still using the brand to lure users into their ruse. This time, however, they are offering Windows 8 “activators” amidst news of Microsoft’s limited offer of a discounted Windows 8 upgrade.

During our research, we found several websites using Windows 8 as keywords. The first site purportedly offers a free Windows 8 “activator”, which is actually fake (detected by Trend Micro as HKTL_KEYGEN).
Figure 1. Screenshot of site offering fake Windows 8 activator

The other site we looked into also offers a free Windows 8 activator, dubbing it the “Windows 8 Activator Loader Extreme Edition 2013”.
Figure 2. Website offering rogue Windows 8 activator

Once installed, HKTL_KEYGEN will require users to fill out a form with certain personal details and send an SMS message to a specific number to proceed with the next steps. If this ruse sounds familiar, it’s actually the same tactic used by the fake Windows 8 generator we blogged about last year.

Upon further investigation, we found that these sites are hosted on IPs located in Latvia or Romania. These IP addresses also host .ru sites, further confirming our suspicions. Previously, we noticed that these addresses hosted sites that peddle fake versions of popular mobile apps like Instagram and Angry Birds.

With its improved security features and performance, Windows 8 naturally generates curiosity among users and Windows supporters. Its popularity - not to mention the chance to get one for free - is what makes ruses like this effective at tricking users into downloading malware. Thus, users should always take these “free” offers with a grain of salt. To know more about how social engineering lures work, our Digital Life e-guide How Social Engineering Works provides a comprehensive guide.

They say that the best things in life are free. Unfortunately, in the world of Web threats, nothing could be further from the truth. And with multiple devices to manage, users must start the year right with a more security-centered digital lifestyle.

Trend Micro Smart Protection Network™ detects and deletes HKTL_KEYGEN if found on a user’s system. It also blocks access to sites hosting these files.