Windows scareware fakes impending drive disaster

"Erases" files, icons as lead up to pitch for $US80 to buy worthless utility

Scammers are trying to trick Windows users into paying to fix bogus hard drive errors that have apparently erased important files, a researcher said today.

The con is a variant of "scareware," also called "rogueware," software that pretends to be legitimate but actually is just a sales pitch based on spooking users into panicking. Most scareware masquerades as antivirus software.

But Symantec researcher Eoin Ward has found a new kind of scareware that impersonates a hard drive cleanup suite that repairs disk errors and speeds up data access.

Dubbed "Trojan.Fakefrag" by Symantec, the fake utility ends up on a Windows PC after its user surfs to a poisoned site -- often because the scammers have manipulated search engines to get links near the top of a results list -- and falls for a download pitch, typically because it's presented as something quite different, like video of a hot news topic.

Fake system or disk cleanup programs aren't new -- Symantec has highlighted the scareware subcategory before -- but this malware goes above and beyond the call of counterfeit duty.

"[Trojan.Fakefrag's] aim is to increases the likelihood of you purchasing a copy of Windows Recovery by craftily convincing you that your hard drive is failing," said Ward in a company blog Monday, referring to the name of the fake suite that the Trojan shills.

The malware kicks off the scam by moving all the files in some folders to a temporary location, by hiding others and by making desktop icons disappear. All of that is followed by a message that looks like a valid Windows warning of impending hard drive doom.

"An error occurred while reading system files," the on-screen message reads. "Run a system diagnostic utility to check your hard disk drive for errors."

If the user clicks "OK," the fraudulent "Windows Recovery" application launches, runs a series of sham scans that sound technical and legit, then reports multiple problems, including disk read-write errors.

With the hook set, the scammers try to reel in the victim by trying to get them to pay $79.50 for Windows Recovery, which will supposedly fix the make-believe issues.

Since the user has just seen his files and icons vanish, he or she is much more likely to fall for the scheme.

"It does a really convincing job of making it appear as though something is wrong," said Ward. "When it 'deletes' files from your desktop, it does so in a very prominent way."

No surprise, but the files aren't deleted; they can be found with a quick local search, said Ward.

Windows isn't the only operating system targeted by scammers. Last week, for example, Intego Security reported finding the first-ever Mac OS X rogueware.

Scammers have upped their "scareware" game by convincing Windows users that their hard drive is ready to croak.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags symantecsecurityWindowssoftwareoperating systems

More about AppleIntegoMicrosoftSymantecTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts