A spate of scareware apps that trick users into buying useless hard disk repair tools appears to be part of a concerted campaign to push fake ‘defrag’ software, a security company has said.
The Internet abounds with Windows utilities, usually free, some not very good. Users have an unquenchable appetite for them.
According to a GFI-Sunbelt Security blog, a new type of bogus disk software has suddenly become very common on the back of this, with a clutch of convincing examples appearing in recent weeks.
Users encountering new examples HDDRepair, HDDRescue and HDDPlus should ignore them. They are bogus applications that claim to defragment a user’s hard disk even though such a requirement is barely needed given that Windows does a lot of this work behind the scenes anyway.
The apps will, however, claim that a user’s hard disk is riddled with problems, as will the slightly older examples UltraDefragger, ScanDisk, Defrag Express and WinHDD. Sorting out the non-existent issue can cost anything from $20 and up.
Such apps have been around for some time in fact but have simply been less documented compared to the fake antivirus programs that have caused chaos on the Internet in the last two years.
The phenomenon of fake software is now deeply entrenched on the Internet and criminals have even taken to aping the way security companies are creating all-purpose security programs. Fake apps adopting this verisimilitude tactic include PCoptomizer, PCprotection Center and Privacy Corrector.
A quick trawl of Google reveals that all of the above scareware examples are easy to encounter. So how does a user tell the real and useful from the fake and expensive?
Depending on the type of app, it is sometimes easier to consult lists of real apps that worry about working out which ones aren’t genuine.
As the author points out, the overworked Virus Total is one site that allows files and URLs to be checked against known rogue lists, while certification company ICSA Labs publishes a separate, more high-level list of known vendors. These are not perfect warning systems however. Rogue URLs change constantly and might not be spotted by Virus Total, for instance.