'800-431-228' Pop-Ups

By GoldSparrow in Adware

Computer security experts warn that the '800-431-228' pop-up windows are not to be trusted: they present misleading information and may lure users into calling a fake technical support line. The '800-431-228' pop-ups are not generated by security mechanisms managed by Microsoft Corp. or by legitimate security vendors. The notifications are displayed on phishing pages that are registered on the 77.104.174.82 IP address. They are shown via pop-up loops, which are scripts that the browser interprets as a command to keep a particular message on display for an indefinite period. Consequently, Web users who stumble upon the '800-431-228' warnings are unable to load bookmarked pages, switch tabs, or close the browser window normally. To clear the '800-431-228' notifications from your screen, you will need to open the Task Manager and kill the browser's process manually. We have found that the '800-431-228' fake security alerts are hosted on pages like:

Scan-system[.]xyz/msoft.warning.scan/mozilla/
Security-error-reported[.]in/1/chrome/auth.php
Security-error-reported[.]in/2/chrome/auth.php
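
A defender can check web proxy logs for clients that loaded these pages. The following is an added example, not part of the original entry: it matches the two domains and the IP address listed above against log lines, and the log format, the sample lines and all function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators as listed on this page, kept defanged in the source text.
DEFANGED_DOMAINS = ["Scan-system[.]xyz", "Security-error-reported[.]in"]
HOSTING_IP = ipaddress.ip_address("77.104.174.82")

def refang(indicator):
    """Turn 'example[.]com' into a lowercase host usable for matching."""
    return indicator.replace("[.]", ".").strip().lower()

BLOCKED_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}

def host_of(url):
    """Extract the hostname; tolerate URLs logged without a scheme."""
    if not url.lower().startswith(("http://", "https://")):
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def is_listed_host(host):
    """True for a listed domain, any subdomain of it, or the hosting IP."""
    try:
        return ipaddress.ip_address(host) == HOSTING_IP
    except ValueError:  # not an IP literal: match on the domain instead
        return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def flag_requests(log_lines):
    """Return (client, url) per hit; assumes '<time> <client-ip> <method> <url>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed or truncated lines
        if is_listed_host(host_of(parts[3])):
            hits.append((parts[1], parts[3]))
    return hits

# Constructed sample log lines (not real traffic); hosts refanged at runtime.
d_xyz, d_in = (refang(d) for d in DEFANGED_DOMAINS)
SAMPLE_LOG = [
    f"t1 10.0.0.5 GET http://{d_in}/1/chrome/auth.php",
    "t2 10.0.0.6 GET https://support.microsoft.com/",
    f"t3 10.0.0.7 GET http://{HOSTING_IP}/",
    f"t4 10.0.0.8 GET {d_xyz.upper()}/msoft.warning.scan/mozilla/",
    f"t5 10.0.0.9 GET http://not{d_in}/",
    "truncated line",
]
if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
```

Matching on the exact host or a dot-separated suffix keeps look-alike names such as the `t5` entry from being flagged by a plain substring search.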

The messages shown to users may include the Windows logo and a screenshot of Support.microsoft.com, which is the official support page for Microsoft customers. The '800-431-228' pop-up windows are reported to appear as a login request and feature the following text in more than a dozen languages:

'Safety Windows
iexplore.exe

To enter security-error-reported.in you need a usernamed and a password. The servers of Microsoft
has detected suspicious activity from your IP address.
Contact microsoft Engineers at 1-800-431-228 (Toll Free Australia) or 0-800-069-8527 (Toll Free UK)
for Technical Assistance for network and security support.
[TEXT BOX|username]
[TEXT BOX|password]
Remember login
[OK|button] [Cancel|button]'

Both phone numbers listed above are recorded to be used by con artists who claim your machine is compromised and that you need to pay more than 300 USD to have it fixed. We advise against calling 800-069-8527 and 800-431-228, as you will not be provided with help by certified computer experts. The scenario of the hoax is very simple: a user calls the phone number shown on the 'Safety Windows iexplore.exe' window, and a "support agent" asks for remote desktop access to the user's PC. As long as you do not grant the fake experts remote access to your system, all is fine. Unfortunately, some users may believe the statements on pages like Security-error-reported[.]in and allow a technical support agent to operate their machines, which may lead to them being locked out of their own PCs. The fraudsters might then demand more money to let them back in and to "prevent viruses" from infecting them again. Cyber security analysts remind users to be cautious when a Web page shows security warnings and to deny remote desktop connections from untrusted sources.

AV engines that scan scripts inside Web pages may present alerts with the following detection names if you load pages like Scan-system[.]xyz:

  • Downloader-FBPB!6D8855F76FD9
  • MSIL/TrojanClicker_Agent.NQN!tr
  • Packed-NB!D800F39CC8B6
  • RDN/Generic Downloader.x
  • TROJ_GEN.R021H0CG717
  • Trojan ( 0050843a1 )
  • Trojan-Downloader ( 0050e74f1 )
  • Trojan.CL.Agent!t74PQ3NB8Pc
  • Trojan.Generic.D525152
