Researchers warn of new support scam malware
Security researchers have identified a new strain of support scam malware and a way of clearing up infected machines
New malware called “Troubleshooter” is designed to display a fake Microsoft Windows general protection fault error screen known as the “blue screen of death” to panic victims into buying an equally fake tool to fix the problem.
The malware displays a “troubleshooting” message claiming that the infected machine has encountered an “unexpected error” and that .dll registry files are missing, resulting in computer failure, according to researchers at security firm Malwarebytes.
The message also warns that rebooting the computer multiple times will result in permanent operating system failure, and if a victim tries to reboot using the Control-Alt-Delete key combination, the malware displays an application error message.
When the victim clicks the “diagnose and troubleshoot” button, the malware displays a message saying there is no automatic fix available and recommending that the victim buy a tool to restore Windows by repairing the Windows kernel and .dll files.
If victims opt to buy the offered tool, they end up paying $25 via PayPal to the operators of the malware for the bogus tool, which appears to fix the problem.
Troubleshooter is merely one of the latest versions of the classic decade-old support scam used by online fraudsters to trick users into paying for tools or services to fix non-existent computer problems.
The malware is the latest example of how cyber criminals tend to re-use tried and tested techniques and how organisations can improve their cyber defences by being familiar with the most commonly used attack methods.
Tech support scammers use different methods for distributing themselves. “This particular one was offered as a cracked software installer,” according to a Malwarebytes blog post.
However, according to the blog post, the infection can be removed without paying the fee by rebooting the PC into Safe Mode, opening the Windows Temp folder and removing the malicious file named “Troubleshoot.exe”.
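The clean-up described above, written out as a PowerShell script so the steps can be repeated consistently across machines. This is an added example, not code from the article or from the Malwarebytes post: the set of directories it checks and the quarantine folder path are assumptions, and it moves the file into quarantine (keeping a SHA256 hash for the incident record) instead of deleting it outright, which the post does not describe. Run it from an elevated PowerShell session after booting into Safe Mode.

```powershell
# Added example (not from the article or the Malwarebytes post): locate the
# dropped "Troubleshoot.exe" file and quarantine it. Directory list and
# quarantine path are assumptions chosen for illustration.
$candidateDirs = @(
    (Join-Path $env:SystemRoot 'Temp'),   # the Windows Temp folder, e.g. C:\Windows\Temp
    $env:TEMP                             # the current user's own temp directory (assumed extra check)
)
$fileName   = 'Troubleshoot.exe'
$quarantine = Join-Path $env:SystemDrive 'Quarantine'   # assumed quarantine location

foreach ($dir in ($candidateDirs | Select-Object -Unique)) {
    $path = Join-Path $dir $fileName
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Record the hash before touching the file so the sample can be matched later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Output "Found $path  SHA256=$hash"

    # Stop any running instance that would otherwise keep the file locked.
    Get-Process -Name 'Troubleshoot' -ErrorAction SilentlyContinue | Stop-Process -Force

    # Move the file into quarantine rather than deleting it; remove the
    # quarantine copy once the investigation is closed.
    New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
    Move-Item -LiteralPath $path -Destination (Join-Path $quarantine "$fileName.$hash") -Force
    Write-Output "Moved to quarantine: $quarantine"
}
```

If the file is not found in either location, the script prints nothing and exits; a machine that still shows the fake error screen afterwards should be examined further rather than assumed clean.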
Another, largely unaddressed, support scam technique is where scammers set up fake tech support sites that are artificially promoted to the top of search results to lure victims.
Fake tech support should be incorporated into security awareness training as it can be a highly effective way to trick employees into granting access to enterprise computer systems, according to John Tolbert, lead analyst at KuppingerCole.
He believes this type of support scam is remarkable because it does not rely on cold calls or phishing, it is not addressed in most security training, and it gives the fraudster complete access to the PC, bypassing all security tools.
Small businesses are particularly vulnerable to support scams because they are less likely to have IT support teams, and employees or owners are more likely to try to resolve issues themselves or search for third-party tech support online.