Fake hard disk utility software spotted by Barracuda Networks

According to Dave Michmerhuizen, a security researcher with the IT security vendor, fake hard disk utility scareware is a new type of malware that is trying to one-up the fake anti-spyware scams that have been common for years.

"While fake anti-spyware tries to convince you that your computer is infected with spyware and malware, fake hard disk utility scareware tries to convince you that your computer is falling apart", he said in his security blog.

"It has appeared under a number of names, HDD Defragmenter, Quick Defragmenter, Win HDD and Win Defrag. The most common variety Barracuda Labs has seen in the wild is named HDD Diagnostic", he added.

According to the Barracuda security researcher's blog, the malware attacks a victim's computer using one of the sneakiest tricks in the book – the malicious advertisement, or malvertisement.

Most internet ads, he explained, are included on web pages via small bits of JavaScript code. The ad is loaded from an ad server elsewhere on the internet.

However, he says, it is becoming more common for these servers to be compromised, and ultimately serve up malicious or suspicious content themselves.

The extra JavaScript, says the Barracuda researcher, tells the browser to open a hidden window and access a domain that begins attacking the local computer.

A variety of exploits are then attempted, resulting in the execution of a downloader which in turn downloads the Fake Hard Disk Utility scareware.

Perhaps worse, Michmerhuizen says that the scareware continues to display error messages and block other user programs from running. Occasionally it will reboot the computer and then change the desktop to an ominous black.

All of this, he says, aims to panic the user into clicking on the button to 'Enable Defrag HDD Repair', which then brings up the money request screen.

Michmerhuizen believes this new type of malware is a reaction to the education that has been done regarding fake anti-spyware scareware.

"As such attacks become common knowledge they lose their effectiveness. This new attack is the same sort of wolf in new clothing and less likely to be familiar to many computer users", he said.

"This is yet another reminder to pay attention to your online activities, run a reputable anti-virus solution and filter your web traffic", he added.

What’s Hot on Infosecurity Magazine?