Meet Hicurdismos, a Windows scareware that is fooling many

As I reported a while back in my Fantom ransomware report, malware that cloaks itself as legitimate Microsoft software is on the rise. It is so convincing to many users that new infections are popping up every day. Once again there is a new malware threat tricking users through the Microsoft name. The malware in question has been named Hicurdismos and uses the threat of a fake “Blue Screen of Death” after infection to cause more infections.

In a security blog post, the Microsoft Malware Protection Center published a thorough analysis of how Hicurdismos operates. The bait is similar to other scareware attacks in that Hicurdismos tricks the user into downloading a fake copy of Microsoft Security Essentials. This should immediately raise alarm bells for those in the know, as MSE is no longer being used for the Windows OS (the default antivirus is now Windows Defender). Not enough people know this, and despite the continual warnings against downloading an .exe file, there have been numerous incidents in which the .exe file containing Hicurdismos has been opened.

Once the malware has taken hold of the system, the task manager is disabled and a fake Blue Screen of Death appears. Unlike a real Blue Screen of Death, the fake image has a phone number that will connect you to scammers.

Real “Blue Screen of Death”
Hicurdismos’ fake “Blue Screen of Death” features a phone number

Since this is scareware, it is also a social engineering attack. The infection creating the BSoD is phase one of the attack; phase two is getting the infected user to call the fake technical support number. As Microsoft states, “real error messages from Microsoft do not include support contact details,” but the number listed on the fake BSoD screen has still received numerous calls. Once in touch with the false tech support, the victim is led by the black hats to install more harmful software and ultimately to hand them total control of the system.

Microsoft has made it clear that they, as well as local scam-prevention authorities, want every instance of Hicurdismos reported directly to the company. The best way to avoid infection by this malware is to take Microsoft’s advice:

“When you receive a phone call or see a pop-up window on your PC and you are uncertain whether it is from someone at Microsoft, don’t take the risk.”

Photo credit: Microsoft


2 thoughts on “Meet Hicurdismos, a Windows scareware that is fooling many”

    1. Derek Kortepeter

      Hey Dan,

      I consulted Microsoft’s official report and came up with the following sentence. “Apply all security updates as soon as they are available. Do a full scan to remove the threat.” Microsoft already knows about this particular scareware and has configured its antivirus to remove it during a scan. Use Windows Defender Offline.
