Other issues in this category (13)
The QR western: The Dead, the Blue and the Fake
Wednesday, December 13, 2017
Microsoft decided to change its renowned blue screen of death (BSoD). In the upcoming Windows 10, scheduled for summer release, it will display a sad smiley face as well as a QR cоde that directs users to the corresponding Help section once they’ve scanned the code..
Convenient? Indeed. But how hard can it be to craft a program that will display a similar QR code in full screen mode?
Android.BankBot Trojans try to acquire administrative permissions on devices. One particular thing they do is display installation prompts on top of standard system notifications in an attempt to get users to install some “extensions”.
Android.SmsSpy.88.origin steals online banking login credentials by displaying a bogus authentication dialogue on top of running online banking applications.
Those programs run under Android, but who can prevent attackers from doing the same under Windows?
This fake BSoD gets onto computers together with potentially dangerous programs—the executable file is downloaded while the installer is running, and the file has a valid digital signature. The malicious program collects information about the user, relays it to attackers, connects to its command and control (C&C) server and waits for a suitable moment.
When that moment comes, the malware generates a fake blue screen of death, disables the keyboard and mouse, and shows a phone number on the screen that belongs to criminals. Users who called the number were instructed by a "support engineer" to install a remote administration program, launch a fake anti-virus scanner (a bat file), and pay for a one-time curing session—or even subscribe to their service!
The laziest scammers chose to do things another way: they made sure that links to their sites appeared in online ads. The site's page displayed the BSoD along with their phone number. They weren't the least bit discouraged by the fact that the crash screen would only appear in the browser window and as such can be closed easily.
The Anti-virus Times recommends
To prevent a similar thing from happening to you, make sure that malware can't be launched on your computer. The measures you need to take are few:
- Use an anti-virus.
- Restrict user permissions.
- Install updates promptly.