Microsoft has sounded the alarm over a fake installer for its Security Essentials, which attempts to trick victims into contacting bogus help centers.
Tech-support scammers have stepped up their technical game, prompting a "severe" warning from Microsoft over new Windows malware that mimics Microsoft's free Security Essentials antivirus, and then displays a fake blue screen of death, or BSoD, with an error message and a suggestion to call a 1800 number that is not a Microsoft support center.
The malware, which Microsoft calls Hicurdismos, disables Task Manager to prevent the user from terminating the fake BSoD and hides the mouse cursor to make the user think Windows is not responding.
Hicurdismos is a crafty example of an emerging tactic that's having greater success at roping younger people into tech support scams. Instead of cold-calling would-be targets, scammers are using online pop-up ads and fake security warnings to encourage people to contact a bogus support center.
"Real error messages from Microsoft do not include support contact details," Microsoft said on its Malware Protection Center blog, warning of the new threat. It also never asks for payment for delivering tech support.
"We've seen attackers becoming more sophisticated with their social-engineering tactics to try to mislead users into calling for technical support and then they are asked for payment to 'fix the problem' on the PC that does not exist," Microsoft added.
Security Essentials is Microsoft's anti-malware product for Windows 7 and earlier. Windows 8 and Windows 10 ship with Windows Defender enabled, so there's no need for these users to install Security Essentials.
However, users of the newer versions of Windows can still be tricked into installing the fake Security Essentials and if they do, they'll see a BSoD message that's identical to the real BSoD error message in Windows 8 and Windows 10, except for the addition of suggested 1800-number to call for help.
According to Microsoft, the malware is from a company purporting to be Bluesquarez LLC. Once installed, the file uses a similar castle icon to Security Essentials but a different filename, setup.exe.
Since the bogus Microsoft product hasn't been signed by a Microsoft certificate, users should see warnings from Microsoft's SmartScreen noting that running the software could be harmful.
A recent survey by Microsoft found that half of the respondents aged between 18 and 34 years had fallen for a tech-support scam, which was a far higher rate of impact than for older groups.
Younger people were also more likely to be exposed to fraudulent webpages and pop-up ads. Interestingly, countries that are hardest hit by tech-support scammers are also more likely to believe that Microsoft would reach out to them to offer support.
Other Web Browser Scam Examples
Below is a screenshot image from one of our clients as an additional example. There are many facets of these types of scareware and they should always be approached with caution. If you have doubts of the authenticity of a pop up you can always snag a picture with your cell phone and text it to one of our technicians.
To resolve these kinds of pop up errors within a Web Browser is rather simple. The easiest method for end users to to hold down the Power Button on their desktop or laptop for 10 seconds. This will force the computer to power off improperly. Once the computer has shut down, press the power button to allow the computer to boot back up. If you are prompted with a screen that stated "Windows did not shut down properly" if this occurs just allow the computer to "load Windows normally".
Once you are signed back into Windows reopen your preferred Web Browser (i.e. Google Chrome as the image above and below show). If you use Microsoft Internet Explorer, Microsoft Edge, Mozilla Firefox or Opera the method is very similar. Once your Web Browser has opened you will be prompter with an error stating "Web Browser did not shut down correctly, would you like to Restore Pages?" Just close the error and DO NOT RESTORE the webpages as it will cause the pop up to come back.
Congratulations your web browser is fixed and no more Scareware Pop Up. We do advise you to scan your computer with your security software if this happens to you a lot as you may have some kind of infection on the computer.
The Plot Thickens - How Tech Support Scams Work
Chances are that you or someone you know has gotten a call from someone claiming to be from "Windows technical support" phoning up to tell you that you "computer has a virus" and offering to remove it for you - for a fee.
Well, if you're interested in finding out what happens, grab a cup or glass of your favorite beverage, fire up YouTube, and prepare to be educated, entertained, and horrified.
Troy Hunt, security expert, Microsoft Regional Director and MVP, and the brains behind the "Have I been pwned?" data breach service, takes the time to show us exactly what happens.
What amazes me is how long and ponderous these scams are. I find it hard to believe that anyone would stay on the phone for so long and put up with it all. .
Now before I give you the impression that it's all fun and games scamming the scammers, I want to make it clear that it's actually serious business, because as soon as the scammers catch wind of the fact that they are being scammed, they turn nasty and start trashing the PC they are supposed to be "fixing."
Now I know that someone who reads this column is unlikely to fall for these sorts of scams (don't they all seem so horribly transparent?), but I hear from people every week who have, or who know a friend or relative who got sucked in. So take your time to do your bit and educate others about these scams.
And while it might be fun to scam the scammers - if you have the time and patience - the best advice on how to deal with these sorts of phone calls is to say "no thank you" and put the phone down. Don't be sucked into a discussion, don't provide any personal information, and don't allow them access to your PC.
Also, if you see any popups while surfing the web telling you that there's a problem with your PC and you need to call a number or visit a website to fix it, these are also scams. The FTC has more information on how to deal with telephone scams, and specifically tech support scams on its website.
Tech Support Scams: https://www.consumer.ftc.gov/articles/0346-tech-support-scams