Anti-malware product scam ‘Hicurdismos’ targeting Windows users

27 October 2016

Anti-malware product scam ‘Hicurdismos’ targeting Windows users: Alert Priority Moderate

You are advised to be wary of malicious software (malware) that pretends to install Microsoft’s anti-malware product ‘Microsoft Security Essentials ‘ for Windows 7 and earlier, and may also deceive users of Windows 8 and Windows 10.

According to Microsoft’s Threat Research and Response Blog, the vendor recently identified a threat it called SupportScam: MSIL/Hicurdismos.A (Hicurdismos). Hicurdismos pretends to be an installer of Microsoft Security Essentials, the vendor’s anti-malware product for Windows 7 and earlier. (While Windows 10 and Windows 8 use Windows Defender as a default anti-malware product, Microsoft acknowledges that ‘some users may believe they also need to download and install Microsoft Security Essentials.’)

Instead of installing Microsoft Security Essentials, Hicurdismos installs malware onto the victim’s computer that brings up a fake version of a screen that states an error has occurred and the machine needs to restart.

The screen also includes a false contact number for technical support. ‘Calling the indicated support number will not fix the [problem], but may lead to users being encouraged to download more malware under the guise of support tools or software that is supposed to fix a problem that doesn’t exist,’ Microsoft says.

Hicurdismos is categorised as a ‘tech support scam’. These scams aim to trick people into installing malware and remote access tools on their computers to enable attackers to gain control of systems and information. Stay Smart Online has issued alerts about similar attacks in the past, including a variant where attackers will cold call people in their homes to try and scam them.

One way of identifying if the error message is a scam is the inclusion of a telephone number for technical support. Microsoft notes that ‘real error message screens do not include a technical support number. Instead they will provide you with an error code and instructions for more information.’ The vendor also reiterates that Windows 10 has Windows Defender built-in, so there is no need to install Microsoft Security Essentials.

Stay Smart Online recommends that if you need technical support, check the official Microsoft Support page or contact a local computer repair and support service.

If you have already been in contact with the scammer, Microsoft recommends that you:

  • Apply any security updates as soon as they are available
  • Perform a full scan with your antivirus product
  • Change your passwords.

Microsoft also suggests that you call your credit card provider to reverse any charges the scammers may have applied, and to monitor access to your systems.

If feel that you have been subjected to a cybercrime, you can report the issue to the

Australian Cybercrime Online Reporting Network (ACORN)

More informationStay Smart Online has more information about securing your computers.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

This information has been prepared by Enex TestLab for the Attorney General’s Department (‘the Department’). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

Email:” style=”text-decoration:underline;”>
You are receiving this message at the address
If you no longer wish to receive this information, you can unsubscribe.


© 2016 Australian Government. All rights reserved