By Dave Michmerhuizen, Security Researcher
Fake Hard Disk Utility scareware is a new type of malware that is trying to one-up the fake anti-spyware scams that have been common for years. While fake anti-spyware tries to convince you that your computer is infected with spyware and malware, Fake Hard Disk Utility scareware tries to convince you that your computer is falling apart. It has appeared under a number of names: HDD Defragmenter, Quick Defragmenter, Win HDD and Win Defrag. The most common variety Barracuda Labs has seen in the wild is named HDD Diagnostic.
We particularly liked the message on this screen – “Hard Drive not found. Missing hard drive.”
The scareware continues to display error messages and block other user programs from running. Occasionally it will reboot the computer and then change the desktop to an ominous black. All of this is to panic the user into clicking on the button to “Enable Defrag HDD Repair.” Doing so brings up the money screen:
The contents of this form are actually from another bogus site named secure.billsecurepay.com. The scammer tries to make the user feel even more “secure” by repeating the word over and over. However, the only thing this actually “secures” is a transfer of $80 from the victim to the scammer.
We believe that this new malware is a reaction to the education that has been done regarding fake anti-spyware scareware. As such attacks become common knowledge, they lose their effectiveness. This new attack is the same sort of wolf in new clothing, and it is less likely to be familiar to many computer users. This is yet another reminder to pay attention to your online activities, run a reputable anti-virus solution and filter your Web traffic.
Barracuda Web Filters and the Barracuda Web Filtering Service stop the download of this threat.