Microsoft has sounded the alarm over a fake installer for its Security Essentials, which attempts to trick victims into contacting bogus help centers.
Tech-support scammers have stepped up their technical game, prompting a "severe" warning from Microsoft over new Windows malware that mimics Microsoft's free Security Essentials antivirus, and then displays a fake blue screen of death, or BSoD, with an error message and a suggestion to call a 1800 number that is not a Microsoft support center.
The malware, which Microsoft calls Hicurdismos, disables Task Manager to prevent the user from terminating the fake BSoD and hides the mouse cursor to make the user think Windows is not responding.
Hicurdismos is a crafty example of an emerging tactic that's having greater success at roping younger people into tech support scams. Instead of cold-calling would-be targets, scammers are using online pop-up ads and fake security warnings to encourage people to contact a bogus support center.
"Real error messages from Microsoft do not include support contact details," Microsoft said on its Malware Protection Center blog, warning of the new threat. The company also never asks for payment for delivering tech support.
"We've seen attackers becoming more sophisticated with their social-engineering tactics to try to mislead users into calling for technical support and then they are asked for payment to 'fix the problem' on the PC that does not exist," Microsoft added.
Security Essentials is Microsoft's anti-malware product for Windows 7 and earlier. Windows 8 and Windows 10 ship with Windows Defender enabled, so there's no need for these users to install Security Essentials.
However, users of the newer versions of Windows can still be tricked into installing the fake Security Essentials. If they do, they'll see a BSoD message that's identical to the real BSoD error message in Windows 8 and Windows 10, except for the addition of a suggested 1800 number to call for help.
According to Microsoft, the malware is from a company purporting to be Bluesquarez LLC. Once installed, the file uses a similar castle icon to Security Essentials but a different filename, setup.exe.
Since the bogus Microsoft product hasn't been signed by a Microsoft certificate, users should see warnings from Microsoft's SmartScreen noting that running the software could be harmful.
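The signature check behind that warning can also be run by hand before launching a download. The PowerShell below is an added example, not code from Microsoft or from the original article; the function name `Test-MicrosoftSignedInstaller` and the Downloads folder in the usage line are assumptions made for illustration.

```powershell
# Added example: report whether an installer that is supposed to come from
# Microsoft actually carries a valid Authenticode signature from Microsoft.
function Test-MicrosoftSignedInstaller {
    [CmdletBinding()]
    param(
        # Accepts a path string, or FileInfo objects piped from Get-ChildItem.
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $item = Get-Item -LiteralPath $Path -ErrorAction Stop
        $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName

        # Version-resource fields are written by whoever built the file,
        # so they are shown for context only and never trusted.
        $claimedCompany = $item.VersionInfo.CompanyName

        # Subject of the signing certificate, if the file is signed at all.
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # 'Valid' means the hash matches and the chain ends in a trusted root.
        # The subject must also name Microsoft Corporation as the organization.
        $byMicrosoft = ($sig.Status -eq 'Valid') -and
                       ($signer -match '(^|,\s*)O=Microsoft Corporation(,|$)')

        [pscustomobject]@{
            Path              = $item.FullName
            ClaimedCompany    = $claimedCompany   # untrusted metadata
            SignatureStatus   = $sig.Status       # Valid, NotSigned, HashMismatch, ...
            Signer            = $signer
            SignedByMicrosoft = $byMicrosoft
        }
    }
}

# Usage (assumed location): list downloaded executables that are not
# validly signed by Microsoft.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -File |
    Test-MicrosoftSignedInstaller |
    Where-Object { -not $_.SignedByMicrosoft } |
    Format-Table Path, ClaimedCompany, SignatureStatus, Signer -AutoSize
```

A file with a generic name such as setup.exe that shows `NotSigned`, or a signer other than Microsoft, is not a genuine Microsoft installer regardless of its icon or the company name in its properties.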
A recent survey by Microsoft found that half of the respondents aged between 18 and 34 years had fallen for a tech-support scam, which was a far higher rate of impact than for older groups.
Younger people were also more likely to be exposed to fraudulent webpages and pop-up ads. Interestingly, people in countries that are hardest hit by tech-support scammers are also more likely to believe that Microsoft would reach out to them to offer support.