Researchers have detected a new support call scam that impersonates Microsoft’s Security Essentials.
Microsoft’s Security Essentials is an anti-virus solution offered for free by the company to users of Windows 7 and older versions. Yesterday, Microsoft published an official warning saying this copycat Microsoft Security Essentials anti-virus is fake. Detected as SupportScam:MSIL/Hicurdismos.A, the scam's only purpose is to trick its victims into thinking their computers have been infected so they will pay to fix the damage.
A very strange fact about this fraud is that it targets computers running Windows 8 and Windows 10, but the actual package can be installed only on Windows 7 and older versions. Microsoft Security Essentials was replaced by Windows Defender in Windows 8 and 10, where it comes pre-installed on all systems.
Once installed, the scam package generates a fake Blue Screen of Death (BSOD) that includes elements giving away its actual goal, which is monetary gain. For example, the BSOD contains contact information, such as a phone number, but Microsoft has never displayed this kind of detail when showing error information. Victims are also advised to call the number for help, which, of course, is not provided for free.
“The fake BSoD screen includes a note to contact technical support. Calling the indicated support number will not fix the BSoD, but may lead to users being encouraged to download more malware under the guise of support tools or software that is supposed to fix a problem that doesn’t exist.” – Microsoft explains.
The phone number is not the only way you can recognize this is a scam. For starters, when downloaded, the malicious file is named “setup.exe”, but this name is not used by Microsoft for Security Essentials installers. Second, if you look into the file's properties you will find that the publisher is not Microsoft. In fact, SmartScreen shows a notification that reads: “the publisher of setup.exe couldn’t be verified.” Those are the signs that confirm this is just another scam designed with the sole purpose of stealing victims' money.
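The publisher check described above can also be done from PowerShell before an installer is ever run. This is an added example, not code from Microsoft or from the original article; the function name `Test-InstallerPublisher`, the download path in the usage comment, and the assumption that a genuine Microsoft installer carries a valid signature whose certificate organization is "Microsoft Corporation" are introduced here for illustration.

```powershell
# Added example: inspect a downloaded installer's publisher before running it.
function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: organization expected in the signer certificate subject.
        [string]$ExpectedOrg = 'Microsoft Corporation'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Authenticode signature: Status is 'Valid' only when the file hash matches
    # and the certificate chains to a trusted root.
    $sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Match the O= field of the subject, not just any substring of it.
    $orgPattern = '(^|,\s*)O=' + [regex]::Escape($ExpectedOrg) + '(,|$)'
    $orgMatch   = [bool]($subject -and ($subject -match $orgPattern))

    # Mark of the Web: browsers tag downloads with a Zone.Identifier stream
    # (ZoneId 3 = Internet, 4 = Restricted). This tag is what triggers SmartScreen.
    $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue
    $fromInternet = [bool]($zone -match '^ZoneId=[34]$')

    [pscustomobject]@{
        File                   = $file.FullName
        SignatureStatus        = $sig.Status
        Signer                 = $subject
        DownloadedFromInternet = $fromInternet
        # An unsigned file, a broken signature, or a different publisher all fail.
        PublisherVerified      = ($sig.Status -eq 'Valid') -and $orgMatch
    }
}

# Usage (hypothetical path):
# Test-InstallerPublisher -Path "$env:USERPROFILE\Downloads\setup.exe"
```

A result with `DownloadedFromInternet` set to `True` and `PublisherVerified` set to `False` matches the situation the SmartScreen notification reports.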
To really fool users, the scam displays a full-screen picture of a Blue Screen of Death, hides the mouse cursor so the victim thinks the computer is blocked, and also disables Task Manager.
If a computer is infected, Microsoft recommends using Windows Defender Offline to remove the fake anti-virus in the easiest way possible. The company also reminds users that they should never download files from unreliable and suspicious-looking sources.