Scammers: ‘Gunna be lit, fam’
Microsoft is warning of fake copies of its Security Essentials that, if executed, will throw a fake blue screen of death, pwn machines, and lead users to technical support scams.
Redmond regards the malware, dubbed Hicurdismos, as a severe threat that typically compromises PCs through bundled software installers and drive-by downloads.
Microsoft’s anti-malware and security men Francis Tan Seng and Alden Pornasdoro warn customers that Hicurdismos will throw a full-screen blue screen of death, disabling the ctrl+alt+delete task manager to prevent the user bypassing it, and hiding the mouse cursor to make it appear more legitimate.
Hicurdismos misleads users and lures them into “calling a number that can lead to a fake technical support scam,” the pair say.
“The threat of technical support scams has been around for years, but it’s recently been observed to be growing.
“We’ve seen attackers becoming more sophisticated with their social engineering tactics to try to mislead users into calling for technical support and then they are asked for payment to ‘fix the problem’ on the PC that does not exist.”
The blue screen of death is a tidy clone of the legitimate and much-hated kernel panic, save for the addition of a single line: “If you would like to resolve the issue over the phone you can call our support at 1-800-418-4202.”
This writer attempted to call the scammers in an ongoing bid to bribe them to snitch on their operations, but the number was disconnected.
Decent antivirus products will remove the threat, while web browser script blockers and an avoidance of trash software installers will help reduce the likelihood it is encountered.
Microsoft would do well to litter its warnings with slang and GIFs.
A survey the tech giant released last week found Millennials are far more likely to fall hook, line and sinker for tech support scams than greybeards.
This could be thanks to the proliferation of blue screen of death tech support scams on popular torrent sites like the now-scuppered Kick Ass Torrents, and the still-afloat Pirate Bay.
Some security wonks are fighting back.
In August, Ivan Kwiatkowski permitted a tech support scammer to access his virtual machine and tricked the operator into opening a file that infected their machine with the Locky ransomware. ®