Files Vanish; Scareware Demands Ransom

Friday, March 9, 2012 @ 03:03 PM gHale

There is scareware out there that makes victims believe something may have happened to all the files and folders stored on their computers and then the user pays $80 for a tool that addresses the problem.

Scareware or ransomware is not uncommon, security solutions providers release advisories on how to handle threats which pose as law enforcement agencies that demand the payment of fines, accusing the user of copyright infringement, said researchers at Bitfender.

Phishing Crackdown Fires Up
Phishing Emails from US-CERT
Trojan Acts like Carrier IQ Tool
Scareware Meets Smartphones

However, this Trojan relies on the fact computer owners panic if they see that all their personal files and folders have suddenly disappeared.

Identified as Trojan.HiddenFilesFraud.A, the rogue disk repair utility starts operating by informing the user of certain issues that affect the computer. Since people are already accustomed to fake AV’s, this malicious application goes one better to make everything look more realistic.

It changes the attributes of all files and folders, setting them as hidden, so the user thinks everything is gone from the hard drive. Certain key shortcuts also end up disabled to induce more panic.

Even worse, the worm that downloads HiddenFilesFraud.A, Win32.Brontok.AP@mm, ensures the files’ attributes can’t modify from Windows Explorer back to their original state.

After displaying the numerous “errors” that affect the system, the scareware advertises a repair utility that costs $80. Of course, just as in the situations presented on other occasions, the utility does absolutely nothing.

Leave a Reply

You must be logged in to post a comment.