Tech

Novel malware dupes victims with fake blue screen of death

Malware creators are hijacking Microsoft Windows' infamous BSOD in a fresh malvertising campaign.

Written by Charlie Osborne, Contributing Writer Sept. 29, 2015 at 5:51 a.m. PT

A new malvertising campaign uses the Blue Screen of Death to scam users into handing over their money and potentially their identity.

Online search engines are used daily by millions of web users. In order to support the vast amounts of requests these search engines receive and process, search engine providers -- such as Google, Yahoo and Microsoft -- offer advertising platforms and packages for businesses. Users view sponsored links placed high up on a search results page, businesses gain more exposure and the search engine generates revenue.

However, search engine advertising is also a place ripe for exploit and is being used by cyberattackers in order to generate their own revenue. One of the most commonly-known techniques include setting up malicious domains which deliver malware payloads to victim machines -- resulting in slave systems, compromised PCs and data theft. Some attackers also set up fraudulent domains which appear legitimate in order to lure victims to input their account information.

Featured

Unfortunately, many online advertisement schemes run through third-party platforms and sometimes threat actors slip through the net -- resulting in fraudulent and malicious links being displayed on legitimate, trustworthy domains.

Now, a new and rather novel campaign has attracted cybersecurity firm Malwarebytes' attention.

In a blog post on Monday, the team at Malwarebytes revealed their findings on a new malvertising campaign which uses the infamous Microsoft Windows' Blue Screen of Death (BSOD) as its selling point.

The group uses BSOD to reel in potential victims as a social engineering technique. The security company found attackers bidding on popular phrases through Google's AdWords advertising space, including the YouTube keyword to display their adverts at the top of the search engine. This link is meant to go to the designated YouTube URL, but instead, clicking on this advert leads to a convincing web page complete with the BSOD image.

While some users will not be fooled, others without much technical knowledge are likely to be.

On the page, users are instructed to call a toll-free "helpline" to resolve the BSOD issue. The scammers are waiting at the other end for these calls, where they pretend to be Windows support and offer their victims expensive and non-existent "support packages" -- defrauding users of anything from $199 to $599.

However, this isn't necessary the end of a painful story. Malwarebytes says innocent PC users may also end up having their identity stolen and bank accounts rinsed of funds.

In this particular campaign, at least two domains have been registered to redirect users to the fraudulent pages through IP addresses in Arizona.

The campaign was reported to Google and the adverts were immediately pulled, but this is is only one such campaign out of thousands of scams appearing every day online.