Counterfeit software could lead to malware on your machine without you knowing

Don’t be a victim of Counterfeit Software…

As an IT Support company, our clients put their trust in us to source and supply various hardware and software solutions. We purchase Microsoft Office by the bucket load and almost on a daily basis it’s one of the team’s job to go through the headache of unpacking the Microsoft Office box, pulling out the licence key, and going through the hassle of installing Office 2013 on the client machine. Today was different. We sourced our copies of Office from our normal supplier, took delivery, opened the boxes, and proceeded to download the software.

That part of the procedure is normal. What isn’t normal is being told by the Licence Card to visit a website that isn’t Microsoft’s. We almost got caught out by this. If we can almost get caught out, someone without genuine software to compare them to would almost certainly be an unknowing victim of software piracy. Microsoft do a lot to defend their intellectual property. What people take for granted is that Microsoft’s software (jokes aside) doesn’t contain Malware or Viruses. It doesn’t contain software that will spy on you when you’re purchasing your Summer holiday or moving money around your various bank accounts.

The software we almost downloaded could have.

Here’s a picture of the counterfeit version against a genuine one (click the picture for a full size version):

IMG_1636

Can you guess which one is the counterfeit one? Exactly. Microsoft’s first line of defence is a special label they call their Certificate of Authenticity (or COA). This label has a few security features that should allow you to determine if what you hold in your hands is a genuine product. Have a look at the COA label on the two boxes below (we’ve kept the genuine one and the counterfeit one in the same place):

IMG_1637

Got any clue as to which one is the genuine one yet? Assuming you didn’t take a look at the COA before opening the box, the only other real tell-tale sign that the product we have is counterfeit is the following:

IMG_1640

Have you spotted it yet? Obviously Step 4 is missing on one of the cards, but the crucial issue is the website they’re sending us to: http://uk.msoffice13.com/hb This is not a Microsoft Website. It should go without saying not to visit the site, but if you do, you’ll start downloading a HomeBusinessRetail.exe file that looks like the genuine Microsoft product. In fact, even AVG, Malwarebytes and Avast! didn’t moan that this file wasn’t genuine. At this stage, we’re pretty confident that the product on the left is actually a knock-off. A genuine Microsoft COA label will have a hologram on the left hand side and a “microsoft” thread intertwined through the label itself. Here’s a picture of a genuine COA:

IMG_1638

Notice on the left hand side the hologram (you can’t see it really well unless you move the label around the light) and the thread slightly to the right of the hologram which if you touch with your finger you can actually feel that it’s interwoven. And now here’s the fake closer up:

IMG_1639

If you look at the label closely, you’ll see the hologram is actually just one solid colour and the thread that runs through the label has in fact been replaced with just a green line. Whilst we weren’t able to confirm if there was malware in the download of this counterfeit software (and the software had just been hacked to bypass the Serial Number checks Microsoft do) there’s still the possibility for counterfeit software to come packaged up with other nasties.

We also checked the licence key card against the official Microsoft download site and it came back as not recognised.

Microsoft have a very thorough website dedicated to checking if your products are genuine: http://www.microsoft.com/howtotell

We’ve also just noticed that if you scan the barcode on the COA, it comes back with the wrong numbers and not the ones shown.