Wednesday, December 29, 2010

Defragmentation Scareware wants your money

It's a scam: rogue software installs itself or lures unsuspecting users into installing it. Then it "analyses" your system, generates a whole bunch of alarming messages about how your system is "critical", and insists that you pay the authors for the full version to "fix" the problem. Once you pay, miracles happen: your system no longer has errors. Of course, these messages were all bogus to begin with, and now that you have handed over your cash, they no longer appear.
This tactic is not new, but previously it was done using fake "security" scanners, antivirus programs, or malware scanners. Now the authors have turned their attention to rogue defrag programs, as reported by GFI Labs and other web sites. I heard it first on the Security Now podcast #280:
... watch out for fraudulent defraggers.
That's the latest thing to happen. There's so many useful free software out there, it's not surprising that the bad guys are going to be mixing their own malware in with the good stuff.
So there's HDDRepair, HDDRescue, HDDPlus, UltraDefragger, ScanDisk, DefragExpress, and WinHDD have all been identified as bogus. They claim to be a free defragger to make your computer run faster, the way it used to. And who doesn't want that? What these things do, though, they're scareware. You run them; they actually do no defragging at all, but they apparently do something. And then they come back with a note that, oh ... you've got serious problems, baby. We're going to need another $20, or an initial $20, or more in some cases, to fix this problem. So again, this is going to catch a certain number of people who unwittingly download this and don't know any better.
What worries me is that this kind of scareware is likely to give defrag programs a bad name, in the same way that anti-spyware and registry scanners have been given a bad name. So, before you download any defrag software, check whether it is on this list and use the correct URL supplied. If it isn't on the list, report it, and use a trusted program instead.
