Scareware came by its name honestly (or perhaps dishonestly). The particular strain of malware we are looking at here (distributed as UltraDefragger and SystemRecovery) attempts to ensnare unwary users by displaying sensational and frightening alerts.
As Symantec recently discovered, the bad guys have added a new twist to their fake disk defragmentation tools: falsely notifying users that a hard drive is about to fail. Like so many other rogue applications, this “recovery tool” is designed to trick users into purchasing a paid application which can fix the problems that were detected. In truth, of course, there were no problems and thereis no fix.
This malware goes beyond mere sensational alerts, however. Symantec notes that it moves files from All Users and the current Windows user’s profile into a temporary location, making it appear as though problems with the hard drive are causing files to disappear. It also disables a user’s ability to change wallpaper images and sets registry keys to hide certain icons — giving the impression that programs are going missing as well (check out the video to see it in action).
If there’s one thing which incites panic in the average computer user, it’s the thought of losing important files. When a rogue application does as convincing a job as this one does, it’s really not surprising that the panic button gets pushed and purchases are made. So just how much would you have to shell out to undo the damage caused by this phantom hard drive crash? $79.50.