The dreaded “Blue Screen of Death” has been an unfortunate part of the Windows experience since the early days of desktop computing, but now scam artists are using it to their advantage. Microsoft has put out a warning over a recent batch of malware that mimics a “Blue Screen” crash and encourages users to call a fraudulent hotline.

Microsoft has called this malware Hicurdismos, and warns that it is spread through the practice of “drive-by download”. When a user visits a compromised website, they receive a pop-up advertisement stating that they need to either download or upgrade Microsoft Security Essentials. Security Essentials, as you may be aware, is an antimalware program that is available for Windows 7 or 8. By using a familiar brand, scammers give users a false sense of security and make them more likely to download the malware.

Blue Screen Crash Comparison

If a user downloads the infected file, they will shortly see a blue-screen-style splash screen that is nearly identical to the real thing. To make the scam more believable, the malware disables the Task Manager and hides the mouse cursor on the infected machine. The main difference between Hicurdismos and a real crash screen is the inclusion of a 1-800 number, which directs users to a fraudulent call center. Microsoft warns that any attempt to contact the support number could lead to further malware, fees, or the installation of software intended to fix a problem that doesn’t exist.

Hicurdismos is just the newest version of social engineering malware that first started to show up two years ago. Instead of relying purely on destructive or brute force tactics, social engineering malware works to subvert a user’s best interest. This type of malware typically disguises itself as a beneficial program that a user will grow to trust. In this way, social engineering malware can remain on a user’s computer for a long period of time and run silently. The benefit to scammers is that, over time, they can use these programs to monitor and steal valuable information, most commonly financial information.

When it comes to social engineering malware, and especially Hicurdismos, there are a couple of things that can give it away as fraud. For users who have upgraded their operating system recently, the most obvious red flag is that Security Essentials has been replaced by Defender in Windows 8 and 10. Furthermore, Microsoft does not deliver update notices in standard browser windows. Pop-ups that promote antivirus scans, or give malware detection warnings, all fall under the same category and should be ignored.

If you are unfortunate enough to encounter Hicurdismos or any other malware masking itself as an official Windows service, you should report it directly to Microsoft. The more information that is known about these scams, the more likely it is that they will be shut down in a timely manner.

– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer