
Microsoft-security-07vb.tk Pop-Ups

By GoldSparrow in Adware

The Microsoft-security-07vb.tk domain is flagged as unsafe by many AV vendors because it is used in phishing campaigns and technical support tactics. The domain may receive Web traffic from users affected by a browser hijacker and shady ad-supported applications. The Microsoft-security-07vb.tk domain is not maintained, operated by or connected to Microsoft Corp. It may include a screenshot of Support.microsoft[.]com, but it should not be trusted. The domain hosts scripts that load misleading information in full-screen mode and play a disturbing audio message saying that your computer has experienced a critical error. The Microsoft-security-07vb.tk pop-ups may be shown while your Web browser is in full-screen mode and a fake mouse cursor is displayed on your screen. The people who made the Microsoft-security-07vb.tk site use Flash animations and multimedia resources to portray a security alert and lead you to call a fraudster. The first Microsoft-security-07vb.tk pop-up window is shown on a white background and says:

'[site name] says:
Your Computer Is Permanently Blocked. Call for support at +1-866-394-4845
[OK|BUTTON]'

The notification from Microsoft-security-07vb.tk may resemble a system dialog box, and you may be unable to click anywhere except the 'OK' button. The page's developers exploit online gaming features in browsers like Mozilla Firefox, Google Chrome, and Internet Explorer to hide the user's mouse pointer and restrict keyboard input. That way, they can simulate a virus infection and present the Microsoft-security-07vb.tk pop-ups as legitimate security concerns. The 'Your Computer Is Permanently Blocked' dialog box triggers a browser redirect to h[tt]p://microsoft-security-07vb[.]tk/ch and loads a new pop-up message that says:

'VIRUS ALERT FROM MICROSOFT
This computer is BLOCKED
Do not close this window and restart your computer
Your computer's registration key is Blocked.
Why we blocked your computer?
The window's registration key is illegal.
This window is using pirated software.
This window is sending virus over the internet.
This window is hacked or used from undefined location.
We block this computer for your security.
Contact microsoft helpline to reactivate your computer.
Microsoft Security Tollfree:
+1-866-394-4845
Enter Windows registration key to unblock.
ENTER KEY [FAKE TEXT BOX] [Submit|FAKE BUTTON]
[Close to ignore|FAKE BUTTON]'

The Microsoft-security-07vb.tk warnings are not harmful on their own, but you need to avoid downloading files and installing applications promoted via Microsoft-security-07vb[.]tk. If you have loaded a tab with Microsoft-security-07vb.tk and you don't want to terminate your browser's process, try the keyboard combination Ctrl+W, which should close the currently opened tab and allow you to continue surfing the Internet. If that does not work, use the Task Manager to kill the browser's main process, or the dedicated tab process if possible. Do not call the '+866-394-4845' phone line listed on Microsoft-security-07vb.tk or other numbers found on similar pages. We found that Microsoft-security-07vb.tk has more than a dozen clones on the 108.179.246.109 IP address, which include:

microsoft-security-07vb[.]ga
microsoft-security-07vb[.]ml
microsoft-security-09nc[.]cf
microsoft-security-09nd[.]tk
microsoft-security-alert-09md[.]cf
microsoft-security-alert-09md[.]gq
www[.]microsoft-security-09nd[.]cf
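
The clone names above share one naming pattern, so proxy or DNS logs can be checked for the listed hosts and for unlisted siblings at the same time. The following is an added example, not code from the original article; the log format, the sample log lines (including the `11qz` host) and the generalised regular expression are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the article, kept defanged and refanged only at run time.
PAGE_INDICATORS = [
    "h[tt]p://microsoft-security-07vb[.]tk/ch",
    "microsoft-security-07vb[.]ga",
    "microsoft-security-alert-09md[.]gq",
    "www[.]microsoft-security-09nd[.]cf",
]
# Assumption: the listed names generalise to
# microsoft-security[-alert]-<2 digits><2 letters> on the five TLDs seen above.
LOOKALIKE = re.compile(
    r"(?:www\.)?microsoft-security(?:-alert)?-\d{2}[a-z]{2}\.(?:tk|ga|ml|cf|gq)")

def refang(indicator):
    """Undo the [.] and h[tt]p defanging used in the article."""
    return indicator.replace("[.]", ".").replace("h[tt]p", "http")

def host_of(value):
    """Return the lower-cased hostname of a URL or bare host name."""
    value = refang(value.strip())
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").rstrip(".")

def scan(log_lines, indicators=PAGE_INDICATORS):
    """Return (client, host, verdict) for every log line that hits."""
    known = {host_of(i) for i in indicators}
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines instead of raising
        client, host = fields[1], host_of(fields[3])
        if host in known:
            hits.append((client, host, "listed"))
        elif LOOKALIKE.fullmatch(host):  # full match rejects host.tk.example.com
            hits.append((client, host, "pattern"))
    return hits

# Constructed proxy log lines in the form: timestamp client method url
SAMPLE_LOG = [
    "2017-09-01T10:00:01Z 10.0.0.5 GET http://microsoft-security-07vb.tk/ch",
    "2017-09-01T10:00:07Z 10.0.0.9 GET https://support.microsoft.com/en-us",
    "2017-09-01T10:01:12Z 10.0.0.7 GET http://MICROSOFT-SECURITY-ALERT-11qz.ml/",
    "2017-09-01T10:02:30Z 10.0.0.7 GET http://microsoft-security-07vb.tk.example.com/",
    "truncated line",
]
```

A "pattern" verdict marks a host that is not in the article's list but matches the same naming scheme, which is how an unlisted clone would surface.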

Detection names for resources downloaded from the 108.179.246.109 IP address include:

HTML.IFrame.Agent
HTML/Iframe.Agent.494
Trojan.HTML.Downloader.Agent.NCZ
Trojan.HTML.Generic (v)
Trojan.Phish@URL!1.A586 (CLASSIC)
Trojan.SSLN-0
Win32.Trojan.Raasj.Auto
