'Firewall Detected Suspicious Network Connections' Pop-Ups

The 'Firewall Detected Suspicious Network Connections' pop-up windows that say Microsoft has detected "suspicious" activity on your machine are not legitimate security warnings. The 'Firewall Detected Suspicious Network Connections' messages might feature the Microsoft Corp. logo and appear as custom pages on Support.microsoft.com but you should not call the phone numbers listed on your screen. The 'Firewall Detected Suspicious Network Connections' notifications are used to lure users into calling toll-free phone lines that are operated by con artists. The operators associated with the 'Firewall Detected Suspicious Network Connections' notifications might claim they are certified Microsoft technicians who can help you remove the virus that is the reason for the 'Firewall Detected Suspicious Network Connections' pop-up. Security experts warn that the 'Firewall Detected Suspicious Network Connections' alerts might be displayed on the following sites:

• buyantivirussoftware[.]org
• proponline[.]info/main
• security-online[.]online
• spicy9chapelhill[.]com/xmlrpc.php
• toolssas[.]com
• universalhub[.]info/trial

These sites are blacklisted by Web filters such as Websense ThreatSeeker, Google Safebrowsing and Mozilla Phishing Protection. Computer users that load pages associated with the 'Firewall Detected Suspicious Network Connections' warnings might experience difficulties to open a new tab and close their browser. We have received reports that the 'Firewall Detected Suspicious Network Connections' pop-ups might prevent users from leaving the pages they are hosted at. It is possible that the Web designers behind the sites listed above have enabled the sites to keep the 'Firewall Detected Suspicious Network Connections' pop-up window open at all times. That way, users would need to terminate their browser's process and unlock the controls of their browser. When the 'Firewall Detected Suspicious Network Connections' warnings are presented on the screen, the user is likely to hear an audio recording that says:

'Critical alert from Microsoft
Your computer has alerted us that it is infected with virus and spyware.
This virus is sending your credit card details, Facebook login and personal emails to hackers remotely. Please call us immediately at the toll-free listed so that our support engineers can walk you through the removal process over the phone. If you close this page before calling us we well be forced to disable your computer to prevent further damage to our network.
Error: 268d3'

The audio is played while the following messages are shown on your screen:

• Message 1:

'Firewall detecting 'suspicious' incoming network connections, we recommend that you click on “Back to Safety'

• Message 2:

'Call Windows Help Desk Immediately at +1-844-324-4706
The following data will be compromised if you continue:
1. Passwords
2. Browser History
3. Credit Card Information
This virus is well known for complete identity and credit card theft. Further action through this computer or any computer on the network will reveal private information and involve serious risks.
Call Windows Help Desk Immediately at +1-844-324-4706.'

We have found out that there is a team of fake computer support agents who operates the 844-324-4706 toll-free phone line and may benefit from users who choose to trust the 'Firewall Detected Suspicious Network Connections' alerts. PC users that call 844-324-4706 may be invited to install a remote desktop client and have a technician connect to their system to perform repairs. Needless to say, the fraudsters would use the remote access to your device to simulate a virus infection and claim that logs from the Windows Event Viewer prove that there is a virus on your device. Computer users should not approve remote desktop connections that are initiated by an untrusted third-party. It is best to secure your system with a trusted anti-malware shield that can block unwanted access and eliminate programs related to the 'Firewall Detected Suspicious Network Connections' pop-ups.