locked
Will Microsoft examine counterfeit software to see if a trojan and/or other malware has been added to it? RRS feed

  • Question

  • I bought MSOfficePro2007 on eBay recently, and was able to install it and upgrade it to sp2, not without "issues" which I blamed on my 64-bit Vista and/or problems getting rid of the trial version of Office (I ended up having to reinstall Windows.)  The price was $170, but the seller had a 100% feedback rating, and, at the time, there had been several other sales of that product but no feedback.  I figured that some store had gone out of business due to the economy and that the seller had picked up some software cheap.  Then I got an email from another eBay member telling me that the seller's products were good copies, so I ran the WGA tool for office, and, sure enough,
    OGA Data-->
    Office Status: 108 Invalid VLK
    Microsoft Office Professional Plus 2007 - 108 Invalid VLK.
    New seller feedback now mentions the counterfeit but that she will refund the money if buyers send it back.  I could do that and pray that she's not in jail or bankrupt because of this and hopefully get my money back, OR I could send the product to Microsoft and hope that they send me genuine software.
    I am leaning toward sending the product back to Microsoft because I checked, and the lady is still selling the same product--with two left as of this writing--and the price is now even lower, $120, despite the fact that she has been warned that the product is counterfeit, so I would have to say, Go Microsoft.
    What I am really worried about is this:  I don't see how it could be economically feasible to reproduce all the Microsoft brochures, labels and package, as well as the cds.  That would seem to imply a volume operation.  What I am worried about is that, since there doesn't seem to be that much profit in it, there might be a trojan added to the program, say something that steals banking information, which would provide the real financial impetus for such an operation.  Would Microsoft tell me, after they examine the cds I send them, whether there is any form of malware that has been added to the program? 
    Sunday, October 4, 2009 7:14 PM

Answers

  • Hello ParrotSlave,

    You asked, "Would Microsoft tell me, after they examine the cds I send them, whether there is any form of malware that has been added to the program?"

    I would have to think, "Most likely not" because of the sheer volume of submissions of counterfeit items.

    Your first choice in your circumstances would be to send the product back to the seller to get a full refund.  Would you mind posting a link to the auction from which you purchased Office?
    For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp
    Sunday, October 4, 2009 11:55 PM
  • Hello ParrotSlave,

    You wrote, "but I don't think these cds would qualify since the holograms are most likely stickers instead of embedded."

    Holograms that are labels affixed to the top surface of the disc are counterfeit.  The real McCoy has all disc holograms embedded within the plastic of the CD (I remember reading somewhere that this is a Microsoft patent or exclusive feature).
    For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp
    • Marked as answer by ParrotSlave Friday, October 9, 2009 3:15 AM
    Tuesday, October 6, 2009 1:50 PM

All replies

  • Hello ParrotSlave,

    You asked, "Would Microsoft tell me, after they examine the cds I send them, whether there is any form of malware that has been added to the program?"

    I would have to think, "Most likely not" because of the sheer volume of submissions of counterfeit items.

    Your first choice in your circumstances would be to send the product back to the seller to get a full refund.  Would you mind posting a link to the auction from which you purchased Office?
    For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp
    Sunday, October 4, 2009 11:55 PM

  • What I am really worried about is this:  I don't see how it could be economically feasible to reproduce all the Microsoft brochures, labels and package, as well as the cds.  That would seem to imply a volume operation.  What I am worried about is that, since there doesn't seem to be that much profit in it, there might be a trojan added to the program, say something that steals banking information, which would provide the real financial impetus for such an operation.  Would Microsoft tell me, after they examine the cds I send them, whether there is any form of malware that has been added to the program? 

    I disagree, Microsoft makes (or pays someone to make) the lables, packaging and CD AND has the added cost of developing the software (hundres of developers and support staff) and we make a profit.  The Pirates don't have the expense of developing the software so they're margins may even be higher.

    However, even if they are making a good profit, why stop there... adding a virus, backdoor or other malware would only add to their profits. I think is pretty safe to assume that most Conterfiet Office and Windows disks include malware in the pirated software. What they are doing is already illegal so why not also include a Keylogger to get your Online Banking or Credit Card information, or use your computer to send spam to thousands of people (and slowing down the computer, to a crawl, in the process)?

    From the Pirate's point of view, including malware with thier pirated software just makes good busness sense...to them.

    Thank you,
    Darin MS
    Monday, October 5, 2009 9:24 PM
  • I don't think it would be wise to post a link to that lady's auction.  At this very instant, she has 7 other Office Professional 2007s for sale.  I do not know if any or all of those are counterfeit; my gut feeling would be that they all are, but who knows.... Maybe they were from a different source.  I don't want to interfere with any legal investigation.  Certainly, if I were Microsoft, I would be at her door with a subpoena this instant.
    Monday, October 5, 2009 11:36 PM
  • Only after I examined the cds closely while at MS's genuine site did I realize that they are, for real, counterfeit--after all, WGA has been known for years to lie about legitimate software, so I couldn't swear on its statement alone.  One of the inner holograms on disk 2 has a few chunks out of it, and I think that the hologram is not embedded, although I can't swear for sure.  I can see and feel a slight ridge on the outside and inside where the hologram starts and ends, but I really can't tell if this is due to it being embedded or affixed as a sticker, and I don't want to try peeling it with my fingernail--depending on the glue, a sticker might not peel anyway.  Microsoft's site is not particularly helpful in this regard.  I am protected by Paypal--I think--so, although she did give a refund to a previous buyer, she might even tank, or eBay might pull the plug, but I should be protected.  I can't tell whether I would qualify for a copy of Office from Microsoft or not, since I don't know for sure whether it is an embedded hologram or not, so I think I should go ahead and send it back to the lady instead of to Microsoft.  However, in view of the fact that she is still selling the product--7 at this instant with a lower price, although neither of us know whether the other items are counterfeit or not--I wonder:  Does Microsoft needs the physical software and package that I am now in possession of for evidence?  Or is there such a flood of counterfeits that this is like nothing to them?  Should I contact a law enforcement agency?

    If the lady is selling them for between $120 and $170, then she could not have been paying more than $100 each for them, probably much less.  I was thinking, regarding the economics of that business, that it would cost a lot to get just the fancy booklet printed up, even in Asia, so, for it to be viable economically, it would have to be a large operation, because you couldn't have just 10 or 20 packages to sell @, say, $100 to the end sellers.  We have all known shady characters, whether in school or whatever, so I can imagine how you could find somebody to sell a few such products.  But how can a criminal organization locate dozens or even hundreds (?) of people to sell counterfeits like that?
    Monday, October 5, 2009 11:59 PM
  • Hello Parrot Slave,

    You wrote, "after all, WGA has been known for years to lie about legitimate software"

    Your statement about WGA is factually incorrect.


    You wrote, "Does Microsoft needs the physical software and package that I am now in possession of for evidence?"

    If you want to participate in the MS Complimentary Replacement Offer, Microsoft requires that you send all Office-related materials that you purchased to MS as part of the quid-pro-quo for getting the free replacement software.

    You may have an interest in this MS Press Release from 2007:  http://www.microsoft.com/presspass/press/2007/jul07/07-24CounterfeitingSyndicatePR.mspx


    For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp
    Tuesday, October 6, 2009 2:16 AM
  • Hello Parrot Slave,

    I was asking for a link in order to examine how the seller is presenting the product.  Sometimes just reading the auction can tell us whether the seller is trying to "pull a fast one," or whether the seller probably does not know enough about what they are selling to tell the difference between genuine and fake Microsoft software.
    For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp
    Tuesday, October 6, 2009 2:19 AM
  • Hello ParrotSlave,

    At the moment of this writing the seller has five other auctions going for Office 2007 Professional.  The seller is using the same item picture and item description for all of their current auctions.

    Srike 1:  The picture has a close-up of the CoA.  You can see that the Porthole of the CoA is a clean cut and not "frayed," one of the major countereit characteristics talked about at www.howtotell.com.  The Porthole on the CoA also does not appear to have a security label going thru it.

    Strike 2:  The description claims "3 installs."  Someone selling software as part of a business should know that there is only one Office 2007 edition that allows three installations, that is a retail license for Office Home and Student 2007.

    Strike 3:  Finally, this person is selling an item with a regular retail price of $449 for $120.

    Three strikes!
    For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp
    Tuesday, October 6, 2009 4:27 AM
  • The picture does not show the "our passion" thread, but it is there.  I examined the entire label with a 30x pocket microscope, and, although the port hole is smooth to the normal eye, there are random threads and sections of paper fiber jutting out into the port hole.  You can feel the lump where the thread is inside the label on both sides of the port hold, but gently removing the coa a little without tearing it reveals that it is indeed inside or in the middle of the label, not underneath.  Pocket microscopic examination reveals other surprises, such as what appear to be light blue lines are actually lines of letters, which may make some sense:  I can see "humanityopenness" as part of a repeated sequence (it's hard to read since the writing is inverted.) However, the shape of the port hole is different than the picture on the website, but it is not obvious to me if that is a Microsoft variable. 
    The outside of this product is really good.  I scanned both disks with NIS2010 after I found out it was counterfeit, but Norton thinks there is no malware on it.
    I should mention that the disks themselves did pique my suspicions after I opened the product because I noticed some speckles that reminded me of what a cd would look like if there were grit on the surface before you affixed a label you had printed. But I looked at all the holograms, and they all seemed good--genuine Microsoft, so I didn't think any more about it.  I figured that if there were an issue, then I would find out when I either tried to update the product or register it, and Microsoft allowed it to be activated.  I did not notice until recently that disk 2 has some small chunks of the inner silvery hologram layer missing.
    I don't understand why Microsoft doesn't have some kind of a little web program that you can download BEFORE you install anything that would determine whether a product is genuine.  It would save a lot of time and trouble.
    I would like to take advantage of the complimentary offer, but I don't think these cds would qualify since the holograms are most likely stickers instead of embedded.
    I had been getting ready to pay about $270 from a different eBay vendor--I was on the page ready to buy--when I did one more search and found that lady selling it for $170:  I know, if it's too good to believe, then don't, but her 100% feedback rating disarmed me.  It don't grow on no tree.  Looking at the other things she sells, I would not guess that she knows anything about computers or software, so her description is not suspicious.  I think, though, that knowing that some are counterfeit, which she does now, she ought to remove the other Offices from auction and have them examined by a professional. 
    Tuesday, October 6, 2009 5:44 AM
  • Hello ParrotSlave,

    You wrote, "but I don't think these cds would qualify since the holograms are most likely stickers instead of embedded."

    Holograms that are labels affixed to the top surface of the disc are counterfeit.  The real McCoy has all disc holograms embedded within the plastic of the CD (I remember reading somewhere that this is a Microsoft patent or exclusive feature).
    For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp
    • Marked as answer by ParrotSlave Friday, October 9, 2009 3:15 AM
    Tuesday, October 6, 2009 1:50 PM