Security is a huge (and growing) issue in the ever-more connected world in which we live. Malware has plagued computers for years, despite many tools being available that work to prevent it.
Microsoft has released a post on its TechNet blog which warns of one particular piece of malware that imitates Microsoft Security Essentials. Known as Hicurdismos, it acts as a Security Essentials installer, when in truth, it is just malware. Once installed, it will throw a fake Blue Screen of Death (BSOD) error message. This message intends to replicate the BSOD that we all know too well. But, as Microsoft states, there are a few ways to tell if someone has downloaded the official Security Essentials or a fake:
- The name of the downloaded file is setup.exe - Microsoft does not use this for official Security Essentials installers
- The BSOD screen includes contact information - real BSOD messages do not contain contact information
- File properties will be different; for example, the 'Company' will not be listed as Microsoft Corporation and the file size will be less than 1MB
The company also notes that users on Windows 8 or Windows 10 do not need Security Essentials, as the same functionality is baked into Windows Defender.
For this particular piece of malware, the BSOD displayed shows technical support information and asks affected users to call it. Calling this number is a scam. Upon calling, they'll ask for payment details to fix the problem - a problem that doesn't actually exist - then users will still have this malware on their PC.
If a PC is infected with this malware, Windows Defender Offline can be used to remove it. This will be able to remove the malware without needing to be connected to the internet or have full PC access, as the operating system does not need to be started to make use of it.
Finally, Microsoft recommends reporting the incident to them. Microsoft continually collects data on reported scam incidents involving Windows and investigates accordingly, while also liaising with relevant authorities. You can report it to the company using their Report a Scam form.