. Codes: HTML: FakeAlert-T [Trj] HTML:EvilCursor-B
. Filed under: Microsoft Tech Support Scams
. Properties: This error is displayed by a malicious website that claims that the victim's PC is infected with viruses and other malware. These websites use aggressive tactics to keep the victim from exiting the website by closing the tab and some also prevent the visitor from closing the internet browser, through normal means These webpages can also cause the browser and the victims mouse to act erratically. Some of these webpages also overload the victim's computer by running many background process through the browser, causing the browser to either freeze or shut down unexpectedly. Often, an "official looking" Windows error message along with a telephone number will be displayed, prompting the victim to call the number for official technical support. Should the victim call the number, they will be asked by the scammer to download additional software as to gain access to the victims computer remotely which in turn, the scammer on the other end will charge the victim an enormous sum of money for bogus Anti-virus software and technical support. While this is one of the oldest scams on the internet, the biggest flaw of this scam is the fact that all supposed virus warning come the the webpage and not through the desktop notifications. Microsoft itself is alos another give away. Microsoft has not and will not ever call or ask any of their customers to call them if their PC's are infected. Microsoft's built in anti-malware, Windows Defender, has been released with every version of Windows since Windows Vista & Windows 7.
. Organizations affected: Microsoft
. Reported to: Scumware.org, Google Safe browsing (Report Phishing, Report Malware), EST.com (Via Report a Phishing page) Scammer Blaster
*Warning: For your safety, it is highly recommend that users do not visit any of the websites under the following codes: HTML:EvilCursor-B [Trj] debug-filing244.gq [URL:Phishing]
. Screenshots:
 |
| HTML:EvilCursor-B [Trj] |
 |
| HTML:EvilCursor-B [Trj] |
 |
| HTML:EvilCursor-B [Trj] |
 |
| HTML:EvilCursor-B [Trj] |
 |
| HTML:EvilCursor-B [Trj] |
 |
| HTML:EvilCursor-B [Trj] |
 |
| HTML:EvilCursor-B [Trj] |
. Offending URL's
*These websites are considered dangerous. For your safety, the links have been published as plain text.
https://dezos.xyz/click.php?key=4jsljhaot5h8g5ku3kji&click_id=br83kr8vijgt7a4mfktg&bid=0.035&placement_id=1718351&campaign_id=4658&site_id=44&creative_id=4543&age=2&rc=0&mc=0&bid=0.035
https://weble.xyz/click.php?key=hs9mv4n0r4pzv7jqmsr0&visitor_id=289999406719553536&cost=0.0750&zoneid=2553225&campaignid=3415933&bannerid=6128272&user_activity=high&zone_type=push
https://errorcode-28053.cf/XMCdhdsbfhgdfhdgf7AP/index.html?phone=+1-800-684-8738
https://bfkji.site/ixf4yzGF/5UgTmaaN/m04cD7cu/?p_x=1(888)531%200745
https://security-alert-hacking-attempt-66-infection-system-blocked-47.s3.amazonaws.com/chrome_win/index.htm?source_id=s358_796884
https://security-alert-hacking-attempt-66-infection-system-blocked-47.s3.amazonaws.com/chrome_win/index.htm?source_id=s358_7968
https://servererrornow-ga.preview-domain.com/DF10010011010CH7YAW/
https://errorcode-29051.ga/6TChsfsdfjdsfjdsfjVX/
https://errorcode-29051.ga/6TChsfsdfjdsfjdsfjVX/#forward
http://128.199.40.75/11Ch_get_help10018MI/
https://security-alert-66-infection-found-dll-missing-system-blocked-25.s3.amazonaws.com/chrome_win/index.htm?source_id=s358_796884
https://xnjzb.club/PZfFKPHE/M2JhlCNC/Jnwdk6j6/?p_x=1(888)491%201274
https://analyzeweb495.ml/Win81818_101010.hhc/YXMCdhdsbfhgdfhdgf9x0RBAW/
https://netissue940.ga/WIn10010_18818j.ggp/0CHfdfdfdfddfd99MC/
https://configure944.cf/WIn81818_1001h.bbf/0CHfdfdfdfddfd99MC/
https://configure944.cf/WIn81818_1001h.bbf/0CHfdfdfdfddfd99MC/
https://cboaj.club/PZfFKPHE/M2JhlCNC/Jnwdk6j6/?p_x=1(888)655%201984
https://kokobane.site/click.php?key=sRae73h8anNwj&tid=2619058&cid=1057022&sid=137444
http://xxxpr.xyz/lp/12/?v=500#sdapp93
https://winerror-5393.tk/0CHfdfdfdfddfd99900V/