It is not new that malware developers are making their error message as realistic as possible.
The new threat out there shows a very convincing Windows error message. Initially it looks like ea legitimate Microsoft Security Essentials installation file, and it has been making rounds around the download community.
Once this gets installed on a computer, it displays a fake blue screen of death (BSoD) window, stating that the computer ran into a problem. A support number is displayed at the bottom. Once the unsuspecting victim calls the support number, it might lead to further infection or getting their computers in deeper trouble as per Microsoft.
There are lots of malware that does this modus operandi to trick users to call their bogus support numbers, and their numbers are on the rise.
The company began warning about the malware, which surfaced last week, in a blog entry at its Malware Protection Center last Friday.
According to MMPC researchers Francis Tan Seng and Alden Pornasdoro, a user would have to bypass warnings that pop up on both Internet Explorer and Edge in order to download the malicious .exe file.
Once downloaded, it can easily fool people to install it because it shows the same logo for the installation file as the original. See image below.
It uses a very nifty trick, once it has been ran, the mouse cursor is hidden, disables Task Manager and displays the realistically bogus BSoD image.
If you by chance call the fake support number, they might end up installing more malware or installing fake software fixes to fix a non-existent error.
Although their support number is still active, this so-called “Microsoft-certified support company” does not provide any information about their whereabouts and company name.
As Tan Seng and Pornasdoro point out, a legitimate blue screen of death screen include an error code so users can search for more help and never include a phone number. Victims are encouraged to report incidents involving the malware to Microsoft and the Federal Trade Commission.
Microsoft Security Essentials was an antivirus for windows 7 but was later discontinued with Windows 8 and 10.
Eventually, Windows Defender replaced Microsoft Security Essentials in the newer versions of Windows.
However, some people are still susceptible to the suggestion that they still need it and the said fake error mimics the same errors which Windows 8 and 10 uses.
Malware purporting to be legitimate Windows software has become a bit of an institution over the years. A strain of ransomware, Fantom, was discovered two months ago masquerading as a fake critical Windows update. The malware, based on the open source EDA2 ransomware project, encrypted victims files under the guise of a fake update screen. The ransomware duped users by saying it was “configuring critical Windows updates” while it displayed a spinning counter that ticked off percentage points as it encrypted files.
Last summer, shortly after Windows 10 was released, attackers began launching spam and phishing email campaigns around the operating system. Victims received messages claiming users could upgrade to Windows 10 for free. Those who downloaded the malicious .zip archive were ultimately hit with CTB-Locker ransomware and had their files encrypted.
The FTC took aim at shady tech support organizations two years ago, shuttering a handful of services which used software to trick users into thinking their computers were broken. That particular scam depended on consumers downloading software that boasted it would enhance a computer’s performance or security. Consumers would have to call a number where additional bogus software would later be pushed.
