Tech Support Scam Uses Fake ‘Blue Screen Of Death’

Scam

New malware scam urges users to call a number when confronted with a fake blue screen of death

Windows users are being cautioned about a devious new support scam that uses a fake blue screen of death (BSoD).

The warning came from Microsoft’s malware protection centre, which has labelled it “SupportScam: MSIL/Hicurdismos.A”.

Support Scam

fakebsodRedmond labelled the threat as “severe” and said that SupportScam malware pretends to be a Microsoft Security Essentials installer.

Microsoft Security Essentials is of course the freebie anti-virus tool that shipped with Windows XP, Windows Vista and Windows 7 (Windows 8 and 10 use Windows Defender instead).

“We recently discovered a threat detected as SupportScam:MSIL/Hicurdismos.A that pretends to be a Microsoft Security Essentials installer,” Microsoft blogged.

“Hicurdismos uses a fake Windows error message (sometimes called a “blue screen of death”, or BSoD) to launch a technical support scam,” it wrote. “A real BSoD is a fatal error in which the screen turns blue and the computer crashes. Recovery from a BSoD error typically requires the user to reboot the computer.”

However it seems that this fake BSoD screen includes a note to contact bogus technical support. When the user calls the indicated telephone number, they are at risk from downloading more malware pretending to be support tools, in exchange for a fee.

The fake BSoD screen used by Hicurdismos mimics an error message used in Windows 8 and Windows 10.

Fake Icon

Microsoft said that real error messages do not include support contact details, and it cautioned that the malware uses an icon that looks remarkably similar to the official Microsoft Security Essentials icon.

fakemicrosoftsecessentials“Hicurdismos is an installer that arrives via a drive-by download,” wrote Microsoft. “If the malicious installer is downloaded on the computer, it mimics the real Microsoft Security Essentials installer by using a similar icon. However, closer inspection will reveal differences in the file properties, including the filename. Hicurdismos uses the file name setup.exe

“When run, the malware immediately renders the fake BSoD experience,” Micosoft said. The malware apparently hides the mouse cursor (to make the user think the system is not responding). It also disables Task Manager (to prevent the user from terminating the process), and then displays the BSoD image, which occupies the entire screen (to prevent the user from using the PC).

This is not the first time that malware has sought to utilise the Windows blue screen of death. Six years ago Microsoft blamed a rootkit for BSoDs that hit some Windows XP users after a Patch Tuesday update.

A Windows Patch update was withdrawn in 2014 after  users reported problems including system crashes.

Are you a security pro? Try our quiz!