As I reported a while back in my Fantom ransomware report, malware that cloaks itself as legitimate Microsoft software is on the rise. It is so convincing to many users that new infections are popping up every day. Once again there is a new malware threat tricking users through the Microsoft name. The malware in question has been named Hicurdismos, and after infection it uses the threat of a fake "Blue Screen of Death" to cause more infections.
In a security blog post, the Microsoft Malware Protection Center published a thorough analysis of how Hicurdismos operates. The bait is similar to other scareware attacks, namely in that Hicurdismos tricks the user into downloading a fake copy of Microsoft Security Essentials. This should immediately raise alarm bells for those in the know, as MSE is no longer being used for the Windows OS (the default antivirus is now Windows Defender). Not enough people know this, and despite the continual warnings against downloading an .exe file, there have been numerous incidents in which the .exe file containing Hicurdismos has been opened.
Once the malware has taken hold of the system, the task manager is disabled and a fake Blue Screen of Death appears. Unlike a real Blue Screen of Death, the fake image has a phone number that will connect you to scammers.
Since this is scareware, it is also a social engineering attack. The infection creating the BSoD is phase one of the attack; phase two is getting the infected user to call the fake technical support number. As Microsoft states, "real error messages from Microsoft do not include support contact details," but the number listed on the fake BSoD screen has still received numerous calls. Once put in touch with the false tech support, the victim is led by the black hats to install more harmful software and ultimately to give them total control of the victim's system.
Microsoft has made it clear that they, as well as local scam-prevention authorities, want every instance of Hicurdismos reported directly to the company. The best way to avoid infection by this malware is to take Microsoft's advice:
"When you receive a phone call or see a pop-up window on your PC and you are uncertain whether it is from someone at Microsoft, don’t take the risk."
Photo credit: Microsoft