A new tech support scam displays a fake blue screen of death (BSoD) in an effort to trick users into installing malware on their Windows computers.
The threat, which Microsoft calls SupportScam:MSIL/Hicurdismos.A, builds off a long lineage of tech support scams. Some of those ruses have even mimicked other Windows features, including the update process, to try to trick users into purchasing unnecessary software.
In this particular case, Hicurdismos masquerades as Microsoft Security Essentials, the anti-malware product that came pre-installed on all machines with Windows 7 and earlier.
Machines running Windows 8 and 10 now come with the Windows Defender product automatically installed. But that doesn’t mean scammers can’t try to trick unsuspecting users into thinking their computers aren’t protected.
The installer for Hicurdismos arrives via a drive-by download attack and contains an executable called setup.exe. Microsoft’s SmartScreen Filter tries to warn users not to run the executable because it’s not verified, but they could simply choose to ignore those alerts.
There’s something interesting about the malicious file, as Francis Tan Seng and Alden Pornasdoro of Microsoft’s Malware Protection Center explain:
“The file setup.exe is a SmartInstaller package, which contains a malicious file that pretends to be Microsoft Security Essentials. Unlike the installer, the malicious file has the same file property information as the legitimate Microsoft Security Essentials executable.”
Once the malicious file executes, it creates a fake BSoD experience by hiding the cursor and disabling Task Manager, both of which create the impression that the system is not responding.
It also displays a modified BSoD that comes with the following scammy punchline:
“If you would like to resolve the issue over the phone you can call our support at 1-800-418-4202.”
Genuine Blue Screens of Death do not contain any such sentence.
As of this writing, no one on the other end of the scam’s phone number could be reached. It’s safe to assume, however, that the scammers would try to trick users into downloading malware onto their machines that would grant the fraudsters remote control, access which they can abuse at a later point in time to install additional malware.
To protect against this tech support scam, it’s important that users know a few things:
- Microsoft will NEVER provide a phone number on a BSoD screen. Instead it will give an error code and recovery instructions. That’s it.
- Systems with either Windows 8 or Windows 10 installed are already protected by Windows Defender. That means there’s no reason for users to download Microsoft Security Essentials onto their machines.
- Every program produced by Microsoft (including Microsoft Security Essentials) is signed by a Microsoft certificate. Any program that claims to originate from Microsoft but isn’t signed is a fake.
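The signature check from the last point can be scripted. The following PowerShell is an added example, not code from Microsoft or from the original article: it flags executables whose file properties claim Microsoft (as the fake Security Essentials binary does) but whose Authenticode signature is missing, invalid, or not issued to Microsoft. The function name `Test-MicrosoftClaim`, the Downloads folder, and the subject-string match are assumptions made for illustration.

```powershell
# Added example: compare what a file's version resource CLAIMS with what its
# Authenticode signature PROVES. File properties are attacker-controlled text;
# a valid signature is not.
function Test-MicrosoftClaim {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        # Version resource: the "file property information" shown in Explorer.
        $info = (Get-Item -LiteralPath $Path).VersionInfo
        $claimsMicrosoft = ($info.CompanyName -match 'Microsoft') -or
                           ($info.ProductName -match 'Microsoft')

        # Authenticode: Status is 'Valid' only if the hash matches and the
        # certificate chains to a trusted root.
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Heuristic (assumption): treat a valid signature whose subject names
        # Microsoft Corporation as genuinely Microsoft-signed.
        $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                             ($subject -match 'O=Microsoft Corporation')

        [pscustomobject]@{
            Path            = $Path
            CompanyName     = $info.CompanyName
            ProductName     = $info.ProductName
            SignatureStatus = $sig.Status
            Signer          = $subject
            Suspicious      = $claimsMicrosoft -and -not $signedByMicrosoft
        }
    }
}

# Scan a folder (the Downloads path is an assumption) and list only the
# files that claim Microsoft without a matching valid signature.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -File |
    Test-MicrosoftClaim |
    Where-Object Suspicious |
    Format-List
```

A result with `SignatureStatus` of `NotSigned` and a `CompanyName` of Microsoft is the mismatch described above: borrowed file properties without the signature to back them.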
Anyone who’s fallen victim to a tech support scam should change their passwords, reverse any credit card charges placed to the fraudsters, and patch their systems for vulnerabilities.
You explain all this, but am I missing something, like how to stop this happening? I run Windows 10 and I get this screen at least 3 times a day. I just let it run its course and do nothing, and my laptop restarts and all's well until the next time, etc. etc. etc.
Do you have any anti-virus software? It sounds like time to run a scan
I've run Windows Defender many times but to no avail. It usually happens when I stop using my laptop for a while but don't switch it off, and when I return and log back on after about 5 mins, up it pops.
This is criminal activity and yes, they are trying to put malware on computers. It gets nasty when you click the link or call the number and you do what the criminals tell you to do. If you turn your computer off and do nothing, generally you are OK. There is no way to stop it from happening.
Well, that depends on whether you see such a fake MS "support" number or just an error code at the bottom of that BSoD. Follow the article's advice for the former or look for suggestions on the error code for the latter.
Funny. I read this yesterday, and just a few seconds ago I encountered the screen with a 1-800 number at the bottom (with something like 'Kernel Security' following the number). This happened when I turned on Facebook.
Had this happen to me. Fell for it once–called the number and the "tech" said they'd help for $200!!! I told him never mind–ran Windows Defender-it cleared up!
This is criminal activity and yes, they are trying to put malware on computers. It gets nasty when you click the link or call the number and you do what the criminals tell you to do. If you turn your computer off and do nothing, generally you are OK. There is no way to stop it from happening. Hopefully in the future there will be; unfortunately it is probably coming from some overseas idiot who is doing this for the pure hell of it.
My relative got taken for $250 from this scam.
I find it interesting to have Microsoft offering products to fight those "Fakes-Alerts". Folks, we live in an era that all liars are out to get your money. (And Microsoft isn't excluded.)
This is nothing more than a sales pitch.