Warning Issued on Fake Microsoft Security Essentials Installer

By Richard Anderson

A fake Microsoft Security Essentials installer is being used by scammers to fool users into calling a bogus tech support team. The fake Microsoft Security Essentials installer generates what appears to be Microsoft’s infamous “blue screen of death.” The mouse arrow is disabled and users are prevented from opening up task manager.

To fix the problem they are told they must call a tech support line. Calling the support line will require the user to part with their credit card details in order to pay for support, download and install software to fix a non-existent problem, or simply install additional malware on their computer.

The fake installer is a malware variant called Hicurdismos. The fake Microsoft Security Essentials installer is being distributed bundled with other software downloads, or arrives as a drive-by download. Users are at risk of drive-by Hicurdismos downloads if they use the Microsoft Edge or Internet Explorer browsers. Visiting a malicious website will prompt the user to download a file called setup.exe. If the executable is run it will generate a blue screen of death indicating the computer has crashed. The malware injects code that will run at start up ensuring its persistence. The fake blue screen of death will then appear randomly and requires a reboot to clear the screen.

The threat has been rated as severe by Microsoft and a warning has recently been issued about the fake Microsoft Security Essentials installer and its associated technical support scam. While the blue screen of death generated by the malware looks very similar to that used by Microsoft, although there are some tell-tale signs that the error screen is not genuine. Fist, the error screen used is taken from Windows 8 and Windows 10 versions, although the malware mimics Microsoft Security Essentials which is used on Windows 7 and earlier versions.

Microsoft points out that it never includes a phone number on the screen asking users to call for assistance. Genuine error messages include an error code together with a link that users can click to find out more information about the problem.

If infected, the scam should be reported to Microsoft and the FTC and advice on removal sought from the Microsoft Answers Desk.

Image source: Microsoft

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news