Windows scareware fakes impending drive disaster

**4hams** · by **4hams** on Tue 17 May 2011 - 3:07

http://www.computerworld.com/s/article/9216765/Windows_scareware_fakes_impending_drive_disaster?souce=CTWNLE_nlt_pm_2011_05_16&utm_sorce=feedburner&utm_medium=feed$utm-campaign=Feed%253A+computerworld%252Fnews%252Ffeed+

Windows scareware fakes impending drive disaster

'Erases' files, icons as lead up to pitch for $80 to buy worthless utility

By Gregg Keizer
May 16, 2011 12:47 PM ET

Computerworld - Scammers are trying to trick Windows users into paying to fix bogus hard drive errors that have apparently erased important files, a researcher said today.

The con is a variant of "scareware," also called "rogueware," software that pretends to be legitimate but actually is just a sales pitch based on spooking users into panicking. Most scareware masquerades as antivirus software.

But Symantec researcher Eoin Ward has found a new kind of scareware that impersonates a hard drive cleanup suite that repairs disk errors and speeds up data access.

Dubbed "Trojan.Fakefrag" by Symantec, the fake utility ends up on a Windows PC after its user surfs to a poisoned site -- often because the scammers have manipulated search engines to get links near the top of a results list -- and falls for a download pitch, typically because it's presented as something quite different, like video of a hot news topic.

Fake system or disk cleanup programs aren't new -- Symantec has highlighted the scareware subcategory before -- but this malware goes above and beyond the call of counterfeit duty.

"[Trojan.Fakefrag's] aim is to increases the likelihood of you purchasing a copy of Windows Recovery by craftily convincing you that your hard drive is failing," said Ward in a company blog Monday, referring to the name of the fake suite that the Trojan shills.

The malware kicks off the scam by moving all the files in some folders to a temporary location, by hiding others and by making desktop icons disappear. All of that is followed by a message that looks like a valid Windows warning of impending hard drive doom.

"An error occurred while reading system files," the on-screen message reads. "Run a system diagnostic utility to check your hard disk drive for errors."

If the user clicks "OK," the fraudulent "Windows Recovery" application launches, runs a series of sham scans that sound technical and legit, then reports multiple problems, including disk read-write errors.

With the hook set, the scammers try to reel in the victim by trying to get them to pay $79.50 for Windows Recovery, which will supposedly fix the make-believe issues.

Since the user has just seen his files and icons vanish, he or she is much more likely to fall for the scheme.

"It does a really convincing job of making it appear as though something is wrong," said Ward. "When it 'deletes' files from your desktop, it does so in a very prominent way."

No surprise, but the files aren't deleted; they can be found with a quick local search, said Ward.

Windows isn't the only operating system targeted by scammers. Last week, for example, Intego Security reported finding the first-ever Mac OS X rogueware.

Scammers have upped their "scareware" game by convincing Windows users that their hard drive is ready to croak.