Windows scareware fakes impending drive disaster
'Erases' files, icons as lead up to pitch for $80 to buy worthless utility
Computerworld - Scammers are trying to trick Windows users into paying to fix bogus hard drive errors that have apparently erased important files, a researcher said today.
The con is a variant of "scareware," also called "rogueware," software that pretends to be legitimate but actually is just a sales pitch based on spooking users into panicking. Most scareware masquerades as antivirus software.
But Symantec researcher Eoin Ward has found a new kind of scareware that impersonates a hard drive cleanup suite that repairs disk errors and speeds up data access.
Dubbed "Trojan.Fakefrag" by Symantec, the fake utility ends up on a Windows PC after its user surfs to a poisoned site -- often because the scammers have manipulated search engines to get links near the top of a results list -- and falls for a download pitch, typically because it's presented as something quite different, like video of a hot news topic.
Fake system or disk cleanup programs aren't new -- Symantec has highlighted the scareware subcategory before -- but this malware goes above and beyond the call of counterfeit duty.
"[Trojan.Fakefrag's] aim is to increases the likelihood of you purchasing a copy of Windows Recovery by craftily convincing you that your hard drive is failing," said Ward in a company blog Monday, referring to the name of the fake suite that the Trojan shills.
The malware kicks off the scam by moving all the files in some folders to a temporary location, by hiding others and by making desktop icons disappear. All of that is followed by a message that looks like a valid Windows warning of impending hard drive doom.
"An error occurred while reading system files," the on-screen message reads. "Run a system diagnostic utility to check your hard disk drive for errors."
If the user clicks "OK," the fraudulent "Windows Recovery" application launches, runs a series of sham scans that sound technical and legit, then reports multiple problems, including disk read-write errors.
With the hook set, the scammers try to reel in the victim by trying to get them to pay $79.50 for Windows Recovery, which will supposedly fix the make-believe issues.
Since the user has just seen his files and icons vanish, he or she is much more likely to fall for the scheme.
"It does a really convincing job of making it appear as though something is wrong," said Ward. "When it 'deletes' files from your desktop, it does so in a very prominent way."
No surprise, but the files aren't deleted; they can be found with a quick local search, said Ward.
Windows isn't the only operating system targeted by scammers. Last week, for example, Intego Security reported finding the first-ever Mac OS X rogueware.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts