
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Fake 'Blue Screen of Death' pushing scareware

August 4, 2009, 1:56pm PDT

Hackers are using the infamous Windows Blue Screen of Death to trick computer users into downloading fake security software (scareware).

According to a discovery by Sunbelt Software, Windows users are being shown the recognizable blue screen that signifies an operating system crash, along with a bright red “Security Alert” notice.

The rogue security software used in this scam is called SystemSecurity. It infects Windows machines via fake codec and fake Flash Player update packages planted on malicious Web sites.


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

44 Comments


RE: Fake 'Blue Screen of Death' pushing scareware
birumut Updated - 29th Apr 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat
0 Votes
+ -
Find the people behind this
Lerianis10 4th Aug 2009
And send government strike teams to
kidnap/extraordinary rendition them back to the
United States to face charges.
0 Votes
+ -
Yeah, because...
The 'G-Man.' 5th Aug 2009
Two wrongs always make a right. Well in the US anyway!
0 Votes
+ -
Saves money...
sframberger@... 5th Aug 2009
Two wrongs may not make a right, but one doesn't have to feed bad people that have been dropped into the ocean from 18,000 feet.
0 Votes
+ -
Oops!
Tim.M 6th Aug 2009
Equipment malfunction...
0 Votes
+ -
Those sound like the words of
unclefixer@... 5th Aug 2009
an aspiring scareware, trojan, adware, virus, all-around crapware
author....
0 Votes
+ -
Wrong? what is this word?
I Hate Malware 6th Aug 2009
Signed the President.
0 Votes
+ -
Bring them where?
tom@... 5th Aug 2009
Why bother bringing to the US, turn them over to the Mossad or the British SAS for questioning and keep them away from technology.

How about the old French prison on Devil's Island.

Or you cap them right at their computers and let their buddies find them.
0 Votes
+ -
Death penalty for hackers?
keithparks 5th Aug 2009
Really??

I mean, spreading viruses, malware, etc. is bad, costly, disruptive,
annoying... but punishable by death?
0 Votes
+ -
Yeah maybe, but
anon123819284012 Updated - 20th Nov 2010
deleted
0 Votes
+ -
Charges? My suggestion would be
unclefixer@... 5th Aug 2009
That they be flogged with their own keyboards- one whack for each
infected machine-
IMHO
0 Votes
+ -
WT?
I Hate Malware 6th Aug 2009
Extraordinary rendition? Did you mean extradite or expadite? I've heard extraordinary renditions at karaoke before.
0 Votes
+ -
Extradite
anon123819284012 Updated - 6th Aug 2009
Expedite means "To speed up the progress of; accelerate." according to http://www.thefreedictionary.com/expedite
expadite does not exist. Wikipedia can explain extradition of suspected or convicted criminals if that's what you're asking
0 Votes
+ -
err 'scuse me
paul_bruford@... 6th Aug 2009
extraordinary rendition is the process of taking illegally detained, largely innocent bystanders AWAY FROM 'merca to the few places with even lower respect for human rights.
tho i guess i kinda understand how you feel, a really pesky infection can make you want to go find the sucker who wrote it and slowly beat him to death.

which is better than admitting that your own backup routine is not all it should be and just reinstalling from backup at the first sign of something amiss
0 Votes
+ -
You are in a room. There is a phone. It is ringing.
----
# answer phone

(voice from phone) "Oh Hi, it's just me again - I have this strange blue screen I think my computer crashed!"

(you) "Oh hi Mom... I hate it when that happens. See if you can press ALT + F4. No you have to hold down ALT like a shift key, then as it's pressed down hit the F4 button above the real #4"

(voice from phone) "Oh, that did it, I can see my word document again. How do you know these things?"

(you) "Well ever since Windows 3.1 that has worked very well. Bye!"

----

lol
0 Votes
+ -
You forgot part 2
D2 Ultima 6th Aug 2009
When "alt F4" doesn't work, just let them hold down the power button till the screen goes black then start up the computer again. It's harsher but for those really tough "malwares" that you know don't like to let the program close? It does the trick.
0 Votes
+ -
Is that the actual screenshot?
gtvr 5th Aug 2009
You'd think these billion-dollar crime gangs could afford a proofreader.
0 Votes
+ -
LOL I was thinking the same thing...the grammar alone should ...
TheBottomLineIsAllThatMatters 5th Aug 2009
tip off the reader. LOL - What a nimrod -
0 Votes
+ -
You'd think the spelling and grammar would be a tip off, but does the mythic "average user" actually read error messages or do they just panic and click whatever looks safest or will fix things?

OTOH, being a frequent flyer on UseNet I wonder whether the average user's spelling and grammar are any better. wink

Stephen Posey
stephenlposey@earthlink.net
0 Votes
+ -
Nope =)
D2 Ultima 6th Aug 2009
The average user watches an error and panics as if they were going to die. They do not read it, and the first time they tell you the problem is when they actually read the thing. And the "average user's grammar" being good or bad doesn't help. Even people with no spelling and/or grammar problems are fooled by the *WORST* spelling in fake messages.

I'm talking something like "your comptuer is infceted!! download this anitvirus and it clean you out! dont leave your computer security unportected!! download adn be saef today!!" has fooled more than 7 people at my last job (school network was spreading the virus).
0 Votes
+ -
Ah, but spelling and grammar are pass?
stephenkca 10th Aug 2009
If you had seen some of the undergrad papers I have recently read you probably would have written "the grammar alone should tip off most readers over thirty." X-/
0 Votes
+ -
That's "passe"
stephenkca 11th Aug 2009
The "?" was an e accent aigu. Apparently this site doesn't accept high ASCII characters.
0 Votes
+ -
RE: Fake 'Blue Screen of Death' pushing scareware
seymouralexander@... 5th Aug 2009
You get something similar going on to the www.haaretz.com website; a phoney program called 'Personal Anti Virus' claims that you have hundreds of infections and trojans and then offers to fix them for $79.99. Don't answer 'Y' !!!
0 Votes
+ -
Shhh,
tealcat 5th Aug 2009
don't tell people about "Personal Antivirus". I have made a lot of money getting that off infected PCs when the idiot owners fall for it.
0 Votes
+ -
The giveaway is the bad English.
Hey..At least this one is creative.
0 Votes
+ -
...And I mean computer ignorant although they may have genius IQs. But it would help if we knew what sites this has shown up on. If it's kiddie or regular porn sites and sites that allow illegal downloading then they should have the sense to know that malware on these sites is more than possible, it's inevitable.

Remember when AOL email was the source (or so it seemed) of most malware? I still can't get myself to open attachments from AOL users email even if I know them personally.
0 Votes
+ -
The give away is that it's a Blue Screen of death.. in a browser window?
0 Votes
+ -
Poor grammar
ccfman2004 5th Aug 2009
That red box has very poor grammar to be real
0 Votes
+ -
lol
I Hate Malware 6th Aug 2009
are you one of the co-authors? Don't comment before checking your own.
0 Votes
+ -
Fake "System Security 2009" experience
Jim.Callahan 5th Aug 2009
Had user with this one. Very nasty trojan. Disables most tools (task manager, anti-virus, web browser) by falsely claiming they are infected. Even bold enough to taunt user by infecting wallpaper with message!!!

Claimed all you needed to do was buy their software.

After unsuccessfully scanning with AVG anti-virus; had to reboot into SAFE MODE WITH NETWORKING and then follow the instructions on this Microsoft.com page:

http://social.answers.microsoft.com/Forums/en-US/vistasecurity/thread/ba80504b-61f1-4d71-960f-b561798b7b42

Fixed problem without having to purchase another program.

Jim Callahan
Orlando, FL


0 Votes
+ -
At least that is what's been posted by the leading ZDNet Windows advocates.

Seriously, when do Windows users have time to get any work done?

Time to re-think using Windows.
0 Votes
+ -
Who are they fooling? Everyone knows that when a BSOD appears, everything else disappears. To have a BSOD appearing in IE wouldn't fool anyone but those who've never used a PC before :P
0 Votes
+ -
NT
0 Votes
+ -
It would fool most of my users also.
dank953@... 6th Aug 2009
Most of them have Master's degrees, so not dumb
people, just not PC technicians.

I'd bet that if you put up most of your car
questions on a mechanic's board they'd say "Bunch
of idiots have no right to own cars." But you do
anyway.
0 Votes
+ -
you ought to read my post too...
D2 Ultima 6th Aug 2009
But there's a difference with Mechanic questions and basics about computers. A drivers license (not bought of course) is the equivalent of learning to use the car and knowing safety rules of the road. Using a computer and only knowing Facebook, Youtube and typing in MS Word isn't knowing basics of a computer and definitely not knowing any safety rules at all. There's a big diff I would think.

I also have problems with Master's degree idiots (I must say idiots because they don't understand simple rules, instructions and/or explanations given to them just because it's about a computer)
0 Votes
+ -
OMG anybody dumb enough to fall for that deserves to have their computer taken off them and a slap over the head as well. Honestly the grammar is pathetic and a true blue screen will not instruct you to download or upgrade software. Ha ha ha ha ha
0 Votes
+ -
I guess it could fool my mum... yet, she'd ask me before doing anything. She got her first laptop recently and has never seen a blue screen.

Then again, she could be running any OS, see that, and think she has a problem.

0 Votes
+ -
Who is dumb enough...
D2 Ultima 6th Aug 2009
... to fall for this??? Seriously this is ridiculous, there's horrible language in the security alerts, almost no punctuation... also blue screens of death shut down the computer not leave it running and only show the screen through IE7... Especially since IE7 was always a failure to me, and IE8 is the better way to go if using IE no matter how I look at it.

And the worst part is, I know people who would fall for that... People with Master's degrees... And even someone with a PhD...
*sigh* I think people should at least learn the basics about using a computer. That's why they love Macs so much, they're dumb and Macs let Apple handle everything so you don't have to. Actually Macs force users to let Apple handle everything. They're so dumb they're fine with that.
My son's computer is infected with this (I think) and will not allow him to connect to the internet or basically anything? What can I do?
0 Votes
+ -
The first thing I'd do...
JCitizen 10th Aug 2009
is reboot and press F8 to begin entering "Safe Mode", then attempt to gain control of the PC.

If there is no AV or anti-spyware already installed, you may need to get an emergency recovery scan disk made from someone's clean computer that has that type of AV solution on it.

Most folks just wipe the drive and recover with whatever system recovery disc/ partition was supplied with the unit. If you don't understand the words I'm saying, you might have better luck googling for just such a thing on a search engine and look for newbie solutions, that are written for folks unfamiliar with computing.
0 Votes
+ -
....send them to its "creater".

Jeez, you'd think these people would at least check spelling/syntax before sending this crap out. Might make it look a little more legit.
0 Votes
+ -
Pretty Creative if You Ask Us
thebackupguru 30th Dec 2009
Not sure who would fall for it, but I am sure there are those that will. We use computer crash simulation software in our videos. You could easily build in a bright shiny red page that says Fix It Now.

Bottom line: back up your computers, and the Blue Screen of Death is not that big of a deal.

Video at bottom of page if you want to see simulation software: http://theonlinebackupguru.com/
0 Votes
+ -
If you want to prank a friend, try this flash app which lets you put up a fake BSOD:
http://andrewgarrison.com/games/ultimategoat
0 Votes
+ -