Scammers demand $143 from Windows users, threaten with file deletion

SmartNA PortPlus - High Performance Visibility Solutions that scale with your network.

German Windows users are the latest target of some pretty brazen scammers, warns Panda Security.

The whole thing starts with a Trojan – likely received via spammy emails or P2P networks – which gets installed on the victim’s computer and restarts the system.

When the loading process is finished, the user is faced with a message saying that Microsoft has detected that his copy of Windows is pirated, and that unless he pays a fee of 100 Euros (around $143) in the next 48 hours, he won’t be able to access his files ever again.

The message also says that if he doesn’t pay, he can look forward to a visit from prosecutors who, allegedly, are aware of his address.

The background of the message sports the Microsoft’s logo and mimics the infamous Windows “black screen” in order to lend a semblance of legitimacy to the threat.

If the user falls for it and follows the offered link, he is taken to a website posing as the Microsoft Licensing Center (click on the screenshot to enlarge it):


He is asked to enter the offered identification number, and once he has done it, he is taken to a site where he can enter the personal and financial information needed to effect the payment through Ukash or Paysafecard – two payment services popular in Europe.

The activation code – which, by the way, is QRT5T5FJQE53BGXT9HHJW53YT – is sent to the user after a while.

It triggers the removal of the malware and the modified registry key, and he can now access his files again. But, unfortunately, he is now 100 Euros lighter.