Go to top of page

Anti-malware product scam Hicurdismos targeting Windows users

Priority Level: 
Moderate
26 October 2016

You are advised to be wary of malicious software (malware) that pretends to install Microsoft's anti-malware product 'Microsoft Security Essentials ' for Windows 7 and earlier, and may also deceive users of Windows 8 and Windows 10.

According to Microsoft's Threat Research and Response Blog, the vendor recently identified a threat it called SupportScam: MSIL/Hicurdismos.A (Hicurdismos). Hicurdismos pretends to be an installer of Microsoft Security Essentials, the vendor's anti-malware product for Windows 7 and earlier. (While Windows 10 and Windows 8 use Windows Defender as a default anti-malware product, Microsoft acknowledges that 'some users may believe they also need to download and install Microsoft Security Essentials.')

Instead of installing Microsoft Security Essentials, Hicurdismos installs malware onto the victim's computer that brings up a fake version of a screen that states an error has occurred and the machine needs to restart.

The screen also includes a false contact number for technical support. 'Calling the indicated support number will not fix the [problem], but may lead to users being encouraged to download more malware under the guise of support tools or software that is supposed to fix a problem that doesn't exist,' Microsoft says.

Hicurdismos is categorised as a 'tech support scam'. These scams aim to trick people into installing malware and remote access tools on their computers to enable attackers to gain control of systems and information. Stay Smart Online has issued alerts about similar attacks in the past, including a variant where attackers will cold call people in their homes to try and scam them.

One way of identifying if the error message is a scam is the inclusion of a telephone number for technical support. Microsoft notes that 'real error message screens do not include a technical support number. Instead they will provide you with an error code and instructions for more information.' The vendor also reiterates that Windows 10 has Windows Defender built-in, so there is no need to install Microsoft Security Essentials.

Stay Smart Online recommends that if you need technical support, check the official Microsoft Support page or contact a local computer repair and support service.

If you have already been in contact with the scammer, Microsoft recommends that you:

  • Apply any security updates as soon as they are available
  • Perform a full scan with your antivirus product
  • Change your passwords.

Microsoft also suggests that you call your credit card provider to reverse any charges the scammers may have applied, and to monitor access to your systems.

If feel that you have been subjected to a cybercrime, you can report the issue to the Australian Cybercrime Online Reporting Network (ACORN).

More information

Stay Smart Online has more information about securing your computers.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.