Windows scareware fakes impending drive disaster
'Erases' files, icons as lead up to pitch for $80 to buy worthless utility
Computerworld - Scammers are trying to trick Windows users into paying to fix bogus hard drive errors that have apparently erased important files, a researcher said today.
The con is a variant of "scareware," also called "rogueware," software that pretends to be legitimate but actually is just a sales pitch based on spooking users into panicking. Most scareware masquerades as antivirus software.
But Symantec researcher Eoin Ward has found a new kind of scareware that impersonates a hard drive cleanup suite that repairs disk errors and speeds up data access.
Dubbed "Trojan.Fakefrag" by Symantec, the fake utility ends up on a Windows PC after its user surfs to a poisoned site -- often because the scammers have manipulated search engines to get links near the top of a results list -- and falls for a download pitch, typically because it's presented as something quite different, like video of a hot news topic.
Fake system or disk cleanup programs aren't new -- Symantec has highlighted the scareware subcategory before -- but this malware goes above and beyond the call of counterfeit duty.
"[Trojan.Fakefrag's] aim is to increases the likelihood of you purchasing a copy of Windows Recovery by craftily convincing you that your hard drive is failing," said Ward in a company blog Monday, referring to the name of the fake suite that the Trojan shills.
The malware kicks off the scam by moving all the files in some folders to a temporary location, by hiding others and by making desktop icons disappear. All of that is followed by a message that looks like a valid Windows warning of impending hard drive doom.
"An error occurred while reading system files," the on-screen message reads. "Run a system diagnostic utility to check your hard disk drive for errors."
If the user clicks "OK," the fraudulent "Windows Recovery" application launches, runs a series of sham scans that sound technical and legit, then reports multiple problems, including disk read-write errors.
With the hook set, the scammers try to reel in the victim by trying to get them to pay $79.50 for Windows Recovery, which will supposedly fix the make-believe issues.
Since the user has just seen his files and icons vanish, he or she is much more likely to fall for the scheme.
"It does a really convincing job of making it appear as though something is wrong," said Ward. "When it 'deletes' files from your desktop, it does so in a very prominent way."
No surprise, but the files aren't deleted; they can be found with a quick local search, said Ward.
Windows isn't the only operating system targeted by scammers. Last week, for example, Intego Security reported finding the first-ever Mac OS X rogueware.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts