Microsoft warns of fake Security Essentials installer malware scam

Jack

Wouldn’t it be a shame if, in trying to secure your PC, you inadvertently install malware and run the risk of being scammed?

We recently discovered a threat detected as SupportScam:MSIL/Hicurdismos.A that pretends to be a Microsoft Security Essentials installer. Microsoft Security Essentials is our antimalware product for Windows 7 and earlier. In Windows 10 and Windows 8, Windows Defender provides antimalware protection and is installed and enabled by default when Windows is installed. However, some users may believe they also need to download and install Microsoft Security Essentials.

Hicurdismos uses a fake Windows error message (sometimes called a “blue screen of death”, or BSoD) to launch a technical support scam. A real BSoD is a fatal error in which the screen turns blue and the computer crashes. Recovery from a BSoD error typically requires the user to reboot the computer.

The fake BSoD screen includes a note to contact technical support. Calling the indicated support number will not fix the BSoD, but may lead to users being encouraged to download more malware under the guise of support tools or software that is supposed to fix a problem that doesn’t exist.

Interestingly, the fake BSoD screen used by Hicurdismos mimics an error message used in Windows 8 and Windows 10, so users of these new Windows versions could also be at risk of being tricked by Hicurdismos.

The threat of technical support scams has been around for years, but it’s recently been observed to be growing. We’ve seen attackers becoming more sophisticated with their social engineering tactics to try to mislead users into calling for technical support and then they are asked for payment to “fix the problem” on the PC that does not exist. Real error messages from Microsoft do not include support contact details. See the bottom of this blog for links and information on how to contact Microsoft Support.



Figure 1. Hicurdismos displays a fake BSoD message that has contact details for fake support. Note: The real messages do not include support contact details, nor when you call for support are you asked for payment.

Hicurdismos is an installer that arrives via a drive-by download. SmartScreen Filter in Internet Explorer and Microsoft Edge flags this threat using the below prompts cautioning the user to not run or save the malware:

You will not get warnings like these when downloading and installing legitimate programs from Microsoft.

If the malicious installer is downloaded on the computer, it mimics the real Microsoft Security Essentials installer by using a similar icon. However, closer inspection will reveal differences in the file properties, including the filename. Hicurdismos uses the file name setup.exe.



Figure 2. SmartScreen message notifying you about running an executable file that could harm your PC.



Read more: Beware of Hicurdismos: It’s a fake Microsoft Security Essentials installer that can lead to a support call scam
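
The quoted post says closer inspection of the file properties reveals the fake. As an added example (not part of Microsoft's post or this thread), the PowerShell function below reads those properties for a downloaded installer. The function name and the sample path are hypothetical, and it assumes that a genuine Microsoft installer carries a valid Authenticode signature issued to Microsoft Corporation.

```powershell
# Added example: inspect a downloaded installer before running it.
# Test-InstallerProvenance is a hypothetical helper name, not a built-in cmdlet.
function Test-InstallerProvenance {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $ver  = $file.VersionInfo

    # Mark-of-the-web: an NTFS alternate data stream written when a browser
    # saves a file from the internet. Absent on local or non-NTFS files.
    $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Both conditions must hold: the signature chain validates AND the
    # certificate subject names Microsoft Corporation as the organization.
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                         ($signer -match '(^|,\s*)O=Microsoft Corporation(,|$)')

    [pscustomobject]@{
        FileName          = $file.Name
        OriginalFilename  = $ver.OriginalFilename   # name embedded at build time
        CompanyName       = $ver.CompanyName
        ProductName       = $ver.ProductName
        SignatureStatus   = $sig.Status             # Valid, NotSigned, HashMismatch, ...
        Signer            = $signer
        FromInternet      = [bool]$zone
        SignedByMicrosoft = $signedByMicrosoft
    }
}

# Hypothetical path: a file saved from the browser under the name the post mentions.
Test-InstallerProvenance -Path "$env:USERPROFILE\Downloads\setup.exe" | Format-List
```

A file presented as a Microsoft installer for which `SignedByMicrosoft` is `False` should not be run, whatever its icon or product name says.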
 

jamescv7

Nice try for those malware creators, exact type and definitely will kill some users without verifying the program's background.

Since it's already been notified by Microsoft, people should have a strong mindset that their AV is already on the system of Windows and none any same MSE-like program.
 

DardiM

Thanks for the share :)

Tried to call the tech support number for a bit of fun... No response. Damn.

We’ve seen attackers becoming more sophisticated with their social engineering tactics

=> lol, One day I will "play" with one of them (if the phone number isn't a surcharged one :D)
 

Batzzz

They're getting more crafty now, interesting. Personally, don't ever run unverified files not in a sandbox or virtual machine.
 