14 DAY TRIAL // Scareware creators have temporarily steered away from the fake antivirus theme they commonly use to put out a new line of rogue programs that pose as defragmentation utilities.
According to security reserarchers from antivirus giant Symantec, these applications started to appear in the later half of October, but have since increased their prevalence and new variants are now detected on a daily basis.
Some of the fake defrag tools observed so far had names like “Ultra Defragger”, “Smart Defragmenter”, “HDD Defragmenter”, “System Defragmenter”, “Disk Defragmenter”, “Quick Defragmenter”, “Check Disk” or “Scan Disk.” However, despite being named differently, all of them have the same interface.
After installation these clones proceed to perform a system scan and, like any scareware applications whose purpose is to scare users into buying a license, claim to identify multiple problems.
The applications recommend that a defragmentation pass be performed and when the users agree they goes on to mimic the behavior of real defrag programs.
“The user is prompted to run the defragmentation process, which then boots into a black ‘safe mode’ (which is fake) and proceeds to ‘fix’ some of the issues,” notes Hon Lau, a researcher at Symantec.
“As one would expect, some serious issues remain, which requires the application to be activated for a fee before they can be resolved,” he adds.
Scareware distribution is one of the most profitable underground businesses and is commonly used to fund more cybercriminal activities.
According to a recent report from Panda Security, 2010 was the busiest year for scareware developers, with almost 40% of such threats ever created being released this year.
However, these fake defragmentation programs stand to show that a tough competition in this area is pushing some gangs to diversify their scareware scams.
