Worm/Trojan in product key???

Discussion in 'other security issues & news' started by gorgelink, Jul 2, 2005.

Thread Status:
Not open for further replies.
  1. gorgelink

    gorgelink Registered Member

    Aug 28, 2004
    Hi, everyone,

    I recently bought a program from a little-known company/vendor.

    I asked for a multi-user licence and they sent me a KEY - a VERY LONG string of letters and numbers (506 bytes in total).

    I copied the key and pasted it into an "enter key" dialog box.

    The program changed from trial to registered and now displays my name, e-mail address and details of the licence (3-users multiple).

    It suddenly occurred to me:

    What if the string of letters and numbers I was given actually hides a worm or Trojan?

    What if by copy-pasting the key into the "enter key" dialog box I actually activated the worm/Trojan and "injected" some code into my system?

    Is this even possible? The key was awfully long - the longest I ever saw.

    I never heard of this method of propagation (through a key or serial number - S/N) - but, hey, why not?

    I am not sufficiently technically savvy to know if I am talking gibberish - or if I just invented a whole new field of malware.

    Seriously, can anyone enlighten me?

    Last edited: Jul 2, 2005
  2. AnthonyG

    AnthonyG Registered Member

    Aug 3, 2004
    No, I don't think you need to worry.

    The company is just being overly cautious with their intellectual property and thus putting such a large security measure for activation.

    But if you are still worried, Google for Kaspersky file scanner and upload it to them and it will say if it's malware or not.
  3. gorgelink

    gorgelink Registered Member

    Aug 28, 2004
    Thanks Anthony.

    It is a one man show, totally unknown company, with a single new product. It could well be a hacker.


    The key was sent to me by e-mail.

    What should I submit to KAV online file scanner - should I submit the email message that I received from the company, containing the key?


    My question is actually TECHNICAL:

    Could - in principle - a product key or a serial number be used to inject or install a worm or Trojan into a computer? Is it at all possible?

    Thanks again!

  4. Pollmaster

    Pollmaster Guest

    Leaving aside the technical details, which I think is highly unlikely (text is unlikely to hurt you, except maybe some buffer overflow??)

    Personally I think if you have already installed their program, and the product was malicious, you would be in trouble anyway. I don't see why he would need to hurt you in such an unlikely manner.

    E.g. maybe the code is some phrase to "activate" the malicious program?
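
Added example, not part of the thread and not the vendor's code: the buffer-overflow case mentioned above can only arise if the key-entry code copies pasted text without a bound, so a key handler that treats the key strictly as data closes it. The names `accept_key` and `KEY_MAX` and the letters-and-digits alphabet are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 1024 /* assumed cap; the key in this thread was 506 bytes */

enum { KEY_OK = 0, KEY_TOO_LONG = -1, KEY_BAD_CHAR = -2, KEY_EMPTY = -3 };

/*
 * Copy a pasted key into out, treating it purely as data:
 *  - whitespace (e-mail line wrapping) is skipped,
 *  - anything other than a letter or digit rejects the key,
 *  - the copy is bounded by out_size, unlike strcpy() into a fixed buffer,
 *    which is the unbounded copy a buffer overflow would need.
 * On rejection out is left as an empty string.
 */
int accept_key(const char *input, size_t input_len, char *out, size_t out_size)
{
    size_t n = 0;
    int rc = KEY_OK;

    if (out_size == 0)
        return KEY_TOO_LONG;
    for (size_t i = 0; i < input_len && rc == KEY_OK; i++) {
        unsigned char c = (unsigned char)input[i];
        if (isspace(c))
            continue;
        if (!isalnum(c))
            rc = KEY_BAD_CHAR;
        else if (n + 1 >= out_size)
            rc = KEY_TOO_LONG;
        else
            out[n++] = (char)c;
    }
    if (rc == KEY_OK && n == 0)
        rc = KEY_EMPTY;
    out[rc == KEY_OK ? n : 0] = '\0';
    return rc;
}

int main(void)
{
    const char pasted[] = "AB12CD34\r\nEF56GH78"; /* constructed sample key */
    char key[KEY_MAX];
    int rc = accept_key(pasted, strlen(pasted), key, sizeof key);
    printf("rc=%d key=%s\n", rc, key);
    return 0;
}
```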

  5. gorgelink

    gorgelink Registered Member

    Aug 28, 2004
    Thanks, Pollmaster.

    I agree - no trouble, no malware. It looks good hitherto. No requests to connect to the Internet, no NAV Auto-Protect alerts, no requests for OpenProcess, etc.

    You joke:

    "Eg Maybe the code is some phrase to "activate" the malicious program?"

    But I don't...

    I really want to learn:

    I think that it is possible to activate the malicious element attached to an otherwise "innocent" software by entering the key or serial number.

    When you enter the key or serial number you activate a key-recognition software module in the application.

    Why can't entering the key also activate a Trojan or a worm?

    Leaving the specific question aside, isn't it an intriguing possibility? Am I wrong and this is completely impossible?

    Thank you again and apologies if I sound stupid ... The technical aspect is not my strong side. This is why I have posted here to start with ...

  6. richrf

    richrf Registered Member

    Dec 11, 2003
    Hi gorgelink,

    If you have questions about the product and company you could:

    1) Do a Google search to research the product. Sometimes I frame the Google search with forums that I know are very helpful: e.g. "product name" Wilders or "product name" Castlecops.

    2) Submit the original product (if it isn't too large) to one of the online scan sites to see if it has any known viruses. I do not think the key, in itself, will do anything more than the product itself might.

    3) Run Security Task Manager (there is a free download) that will identify the characteristics of the program and rate it on the chances that it is some malware based upon these characteristics.

    Others may have other suggestions. Good luck!

  7. gorgelink

    gorgelink Registered Member

    Aug 28, 2004
    Thank you, everyone, for putting my mind at ease!

    Rich, special thanks for the practical advice.

  8. Pollmaster

    Pollmaster Guest

    First off, don't worry, I'm no technical expert either.

    Second, I suppose that might happen. Didn't they have those worms that sent encrypted, or was it password-protected, zipped content, with the key, to evade scanners? This whole code activating the malware stuff wouldn't be that different, though it would be a whole lot more complicated.

    Still I think it's rather unlikely, much easier ways to get past scanners.

    But as always, scan with your usual suspects (Richrf likes Security Task Manager these days apparently). Unless you know how to reverse engineer the program in question :)
  9. Tuggboat

    Tuggboat Registered Member

    Nov 9, 2004
    I'm glad your mind's more at ease. :) That's what all this anti bad stuff stuff's supposed to do. Problem with it is that to sell us it they instill a bit of fear to motivate us to buy. A little bit of mystery, a little bit of knowledge is what keeps me interested in this. It also keeps me vigilant.

    I've noticed a few consistencies on my detected malware and worms are so far the biggest. If I am about to download anything about these file sizes I get out the AV stuff and turn everything on :)

    Most viruses I've got were at least 70 kb, trojan clients about 276 kb and some around with fake applications around 400 to 470 kb, and I found a worm at 876 kb.
    I haven't had a lot, any other patterns would be interesting.