A new piece of malware identified by Symantec as ‘Trojan.Kardphisher' targets Windows XP users by portraying itself as related to Windows product activation. Symantec calls the threat level "very low" but I wanted people to be aware of it.
After installation and a reboot, the Trojan appears as the Windows activation screen pictured below.
Only choosing ‘yes' or ‘no' is allowed by the malware. Choosing ‘no' will shut down Windows; choosing ‘yes' will bring the user to a second screen (below) where the malware asks for personal and credit card information.
In its review of this malware Symantec posted the video below demonstrating the behavior of ‘Trojan.Kardphisher'.