Threat Database Adware 'Security Update Error' Pop-Ups

'Security Update Error' Pop-Ups

By GoldSparrow in Adware

The 'Security Update Error' pop-up windows that Web surfers may experience are not to be trusted. The 'Security Update Error' pop-up windows are generated by recently registered pages, which have not been vetoed by Web filters and offer misleading information. The 'Security Update Error' alerts are hosted on phishing pages that aim to confuse users and convince them to call phone lines like 800-090-3820 and (888) 944-5714, which are not operated by legitimate companies. PC users who are shown the 'Security Update Error' may think that they are receiving a message from the Microsoft Corp directly. However, that is not the case, and you are being exposed to a technical support tactic. The 'Security Update Error' pages are associated with a fake error report dubbed 'Error 0xB6201879' and offer the following messages:

  • Message 1:
  • '[SITE NAME] is requesting your user name and password. The site says: "Security Update Error 0xB6201879 Help Desk: 44-800-090-3820 (TOLL-FREE)"
    User Name: [TEXT BOX]
    Password: [TEXT BOX]'

  • Message 2:
  • 'Windows Defender Alert: Zeus Virus Detected In Your Computer !!

    Please Do Not Shutdown or Reset Your Computer.

    Windows Warning

    Malicious Spyware/Riskware/Virus Detected on Your System
    Error #0x80072ee7
    Please call us immediately at 44-800-090-3820
    Do not ignore this alert/
    if you close this page, your computer access will be disabled to prevent further damage to our network. Your computer has alerted us that it has been infected with a Spyware and riskware.

The layout of the phishing pages hosting the 'Security Update Error' warnings is designed to resemble a Blue Screen of Death error report and include logos from Suppport.microsoft.com, which is the legitimate support page for Microsoft customers. You should not mistake the 'Security Update Error' warnings as messages issued by the Redmond Giant (an expression referring to Microsoft's HQ in Redmond, Washington). Con artists operate the 800-090-3820 and (888) 944-5714 phone lines that can be found on the 'Security Update Error' pop-up windows and affiliated pages. Computer security researchers advise against calls to 800-090-3820 and (888) 944-5714. The 'Security Update Error' messages should be closed, and you may have to terminate the browser's process if the pop-up windows can't be removed via the 'Close' button. We have discovered that the 'Security Update Error' warnings are generated on pages registered to the 63.142.254.88 IP address, which includes (but is not limited to) the following sites:

  • b1-250912345678[.]tk
  • b1-25091234567890[.]tk
  • b1-300912345[.]tk
  • b1-3009123456789[.]tk
  • b2-2609123[.]tk
  • b2-29091[.]tk
  • b2-290912345[.]tk
  • b5-01101234567[.]tk

AV engines may bring up alerts that feature the following names when you load any of the pages listed above:

  • Trojan.JS.FakeAlert.AT
  • HTML.Agent.US
  • malware (ai score=87)
  • Win32/Trojan.d2b
  • HEUR:Trojan.Script.Generic

Trending

Most Viewed

Loading...