Do you keep any important data on your computer? How would you feel if
you turned it on and found all your files gone--your dissertation, your
novel, the index of your comic book collection, everything! Sure, you
meant to back it all up, but never got around to it, so now you're
desperate. A new form of scareware aims to take advantage of that
desperation.
This new threat, named "Trojan.HiddenFilesFraud.A" by Bitdefender's
researchers, hides all files and folders on your machine and disables
some standard keyboard shortcuts so you can't un-hide them. To further
inflame your mania, it displays error messages as if from Windows
reporting such worries as "damaged hard disk clusters."
Just when your frenzy is at its peak, the fake disk repair tool goes
to work. It busily spins and flashes and eventually reports a plethora
of errors. Want the problem fixed? All you have to do is register... for
$80. The worst of it is, even when you do register it doesn't unhide
your files.
Of course, if you weren't crazed with worry you might notice one suspicious fact: if Windows is running, it can't be true that all of your files are missing. That's why the malware keeps the pressure on.
Malware Cooperation
How does this threat enter your system? A well-known worm that Bitdefender calls
Win32.Brontok.AP@mm opens the door. Brontok spreads via infected
removable drives and has been used to propagate other types of attacks.
The full report on Bitdefender's Malware City
blog points out that traditional fake antivirus scareware has been on
the decline in the last year. PCMag and other outlets have alerted users
to the signs of scareware, and Google started filtering out some of the
top-level domains strongly associated with scareware. Utility-type
scareware is different enough that it may have success even with users
who laugh off fake antivirus.
So, given that the fake hard disk fixer doesn't restore your files,
what can you do if HiddenFilesFraud hits your system? I don't have a
sample to experiment with, but I'd suggest opening a Command Prompt and
entering "ATTRIB /S -H *.*". Who knows--it just might work!
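As an added example (not from the original article or Bitdefender's report), the PowerShell script below reports hidden items under a folder and clears the Hidden attribute only when run with -Apply. It assumes the threat hides files purely by setting the Hidden attribute, which the article could not test; the $Root default and the -Apply switch are illustrative choices.

```powershell
# Added example: audit, then optionally clear, the Hidden attribute under one folder.
# Assumption: files were hidden only by setting the Hidden attribute (untested
# against a sample, as in the article).
param(
    [string]$Root = $env:USERPROFILE,   # folder to scan (illustrative default)
    [switch]$Apply                      # without -Apply the script only reports
)

$Hidden = [System.IO.FileAttributes]::Hidden
$System = [System.IO.FileAttributes]::System

# -Force makes Get-ChildItem return hidden and system items as well.
$items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue

# Everything that currently carries the Hidden bit.
$hiddenItems = $items | Where-Object { $_.Attributes -band $Hidden }

# Skip items that are Hidden AND System: Windows hides those by design
# (desktop.ini, for example), so they are not evidence of tampering.
$candidates = $hiddenItems | Where-Object { -not ($_.Attributes -band $System) }

# A sudden, near-total share of hidden items is the symptom the article describes.
"{0} items scanned, {1} hidden, {2} hidden without the System attribute" -f @($items).Count, @($hiddenItems).Count, @($candidates).Count

foreach ($item in $candidates) {
    if ($Apply) {
        # Clear only the Hidden bit; ReadOnly, Archive and other bits are kept.
        $cleared = [int]$item.Attributes -band (-bnot [int]$Hidden)
        $item.Attributes = [System.IO.FileAttributes]$cleared
    } else {
        "would unhide: $($item.FullName)"
    }
}
```

Running it once without -Apply gives a list to review before any attribute is changed.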
For more from Neil, follow him on Twitter @neiljrubenking.