Tech Support Scam Uses Fake ‘Blue Screen Of Death’

Windows users are being cautioned about a devious new support scam that uses a fake blue screen of death (BSoD).

The warning came from Microsoft’s malware protection centre, which has labelled it “SupportScam: MSIL/Hicurdismos.A”.

Support Scam

Redmond labelled the threat as “severe” and said that SupportScam malware pretends to be a Microsoft Security Essentials installer.

Microsoft Security Essentials is of course the freebie anti-virus tool that shipped with Windows XP, Windows Vista and Windows 7 (Windows 8 and 10 use Windows Defender instead).

“We recently discovered a threat detected as SupportScam:MSIL/Hicurdismos.A that pretends to be a Microsoft Security Essentials installer,” Microsoft blogged.

“Hicurdismos uses a fake Windows error message (sometimes called a “blue screen of death”, or BSoD) to launch a technical support scam,” it wrote. “A real BSoD is a fatal error in which the screen turns blue and the computer crashes. Recovery from a BSoD error typically requires the user to reboot the computer.”

However it seems that this fake BSoD screen includes a note to contact bogus technical support. When the user calls the indicated telephone number, they are at risk from downloading more malware pretending to be support tools, in exchange for a fee.

The fake BSoD screen used by Hicurdismos mimics an error message used in Windows 8 and Windows 10.

Fake Icon

Microsoft said that real error messages do not include support contact details, and it cautioned that the malware uses an icon that looks remarkably similar to the official Microsoft Security Essentials icon.

“Hicurdismos is an installer that arrives via a drive-by download,” wrote Microsoft. “If the malicious installer is downloaded on the computer, it mimics the real Microsoft Security Essentials installer by using a similar icon. However, closer inspection will reveal differences in the file properties, including the filename. Hicurdismos uses the file name setup.exe

“When run, the malware immediately renders the fake BSoD experience,” Micosoft said. The malware apparently hides the mouse cursor (to make the user think the system is not responding). It also disables Task Manager (to prevent the user from terminating the process), and then displays the BSoD image, which occupies the entire screen (to prevent the user from using the PC).

This is not the first time that malware has sought to utilise the Windows blue screen of death. Six years ago Microsoft blamed a rootkit for BSoDs that hit some Windows XP users after a Patch Tuesday update.

A Windows Patch update was withdrawn in 2014 after  users reported problems including system crashes.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago