Wednesday, January 19, 2011

Face to face with a false defrag program

I don't encounter malware very often, and this program reminded me how bad it can be. Michael Kaur from the Malware Removal Instructions blog sent me a copy of this program, since I requested it. It's a nasty piece of work, installing itself surreptitiously in your system, and then pouncing when you reboot.
When you boot up it runs its "scans" and then tells you lies about your machine. I prepared my "FRAGG" test machine and made sure the files were fully defragmented and everything was in order, so I knew all the "errors" it reported were bogus.
I had to deactivate the Microsoft Security Essentials program in order to be able to install the malware, but once it was installed my machine was effectively held to ransom. It wouldn't let me run any other programs, or even copy files to my USB memory stick.
Even the payment information is bogus. To prevent the malware from spreading on my network, I had unplugged the network cable before installing it. Nonetheless the malware managed to dupe Internet Explorer into believing that the payment URL was legitimate (the domain is not registered) and secure. Who knows what they'll do with my credit card details? I'm not about to try to find out.
I eventually had to boot up from an Ubuntu boot CD just to copy the files for this blog post. Then I wiped the hard drive using DBAN, to make sure the darn thing was gone. Nasty. Fortunately there are helpful web sites like the Malware Removal Instructions blog to clean up your machine, if this stuff manages to get past your antivirus program. What do you mean you don't have one??? I suppose you don't do backups either ...