A new tech support scam displays a fake Windows blue screen of death (BSoD) in an effort to frighten users into calling a bogus support line, the usual prelude to getting malware installed on their computers.
The threat, which Microsoft calls SupportScam:MSIL/Hicurdismos.A, builds on a long lineage of tech support scams. Some of those ruses have mimicked other Windows features, including the update process, to trick users into purchasing software they don't need.
In this particular case, Hicurdismos masquerades as Microsoft Security Essentials, the free anti-malware product that Microsoft offered as a separate download for Windows 7 and earlier.
Machines running Windows 8 and 10 come with Windows Defender installed and enabled by default. That doesn't stop scammers from trying to convince unsuspecting users that their computers aren't protected.
The Hicurdismos installer arrives via a drive-by download as an executable called setup.exe. Microsoft's SmartScreen Filter warns users not to run the file because it is unrecognized and not signed by a known publisher, but those alerts can simply be clicked through.
There's something interesting about the malicious file, as Francis Tan Seng and Alden Pornasdoro of Microsoft's Malware Protection Center explain:
"The file setup.exe is a SmartInstaller package, which contains a malicious file that pretends to be Microsoft Security Essentials. Unlike the installer, the malicious file has the same file property information as the legitimate Microsoft Security Essentials executable."
Once the malicious file executes, it stages a fake BSoD by hiding the mouse cursor and disabling Task Manager, so the full-screen image looks like a genuine system halt and the user's usual way out is closed off.
It also displays a modified BSoD that comes with the following scammy punchline:
"If you would like to resolve the issue over the phone you can call our support at 1-800-418-4202."
Genuine Blue Screens of Death do not contain any such sentence.
As of this writing, nobody answered the scam's phone number. It's safe to assume, however, that the scammers would walk callers through installing remote-control software, access they could abuse at any later point to plant additional malware or harvest data.
To protect against this tech support scam, it's important that users know a few things:
- Microsoft will NEVER provide a phone number on a BSoD screen. Instead it will give an error code and recovery instructions. That's it.
- Systems with either Windows 8 or Windows 10 installed are already protected by Windows Defender. That means there's no reason for users to download Microsoft Security Essentials onto their machines.
- Every program produced by Microsoft (including Microsoft Security Essentials) carries a valid Authenticode signature from a Microsoft certificate. Hicurdismos copies the legitimate file's property information (company name, product name, version), which is plain metadata anyone can forge; what it cannot forge is the signature. Any program that claims to originate from Microsoft but is unsigned, signed with an invalid certificate, or signed by a different publisher is a fake.
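The following PowerShell script is an added example, not code from the article or from Microsoft, of the check that last point calls for: it prints what a file claims about itself in its version resource next to what its Authenticode signature actually proves, and flags the mismatch Hicurdismos relies on. The default path is an assumption; point it at whatever setup.exe landed on the machine.

```powershell
# Added example (not from the article or from Microsoft): compare what a file
# *claims* in its version metadata with what its Authenticode signature *proves*.
# Hicurdismos copies Microsoft Security Essentials' file properties, so the
# metadata alone says "Microsoft"; only the signature is hard to forge.
# The default path below is an assumption for illustration.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\setup.exe"
)

$file = Get-Item -LiteralPath $Path

# 1. Version resource: CompanyName/ProductName/FileDescription. Any packer can set these.
$info = $file.VersionInfo
"Claimed CompanyName : $($info.CompanyName)"
"Claimed ProductName : $($info.ProductName)"
"Claimed Description : $($info.FileDescription)"

# 2. Authenticode signature: chains to a key the scammer does not hold.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
"Signature status    : $($sig.Status)"
if ($sig.SignerCertificate) {
    "Signer subject      : $($sig.SignerCertificate.Subject)"
}

$claimsMicrosoft   = $info.CompanyName -match 'Microsoft'
$signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                     ($null -ne $sig.SignerCertificate) -and
                     ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

if ($claimsMicrosoft -and -not $signedByMicrosoft) {
    # The exact pattern Hicurdismos shows: Microsoft metadata, no Microsoft signature.
    Write-Warning "'$Path' claims to be from Microsoft but is not validly signed by Microsoft. Treat it as malicious."
    exit 1
}
elseif ($signedByMicrosoft) {
    "Signature checks out: valid chain, signed by Microsoft Corporation."
    exit 0
}
else {
    "File does not claim to be from Microsoft; signature status is $($sig.Status)."
    exit 2
}
```

Two caveats a practitioner should keep in mind. A status of Valid is not enough on its own: a file validly signed by some other publisher while claiming to be Microsoft's is still a fake, which is why the script also matches the signer's subject. And the Status check is only meaningful for downloaded installers, which Microsoft ships with embedded signatures; some files that are part of the OS itself are signed through security catalogs instead, so a NotSigned result for a system file under C:\Windows does not by itself indicate tampering.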
Anyone who's fallen victim to a tech support scam should uninstall any remote-access software the scammers had them install (or, better, rebuild the machine from a clean backup), change their passwords from a trusted device, reverse any credit card charges made to the fraudsters, and patch their systems for vulnerabilities.