Criminals fake hard drive disk failures for cash

INSECURITY FIRM Symantec has warned PC users about a Trojan that screws around with a computer's files to make it look like there is a hard drive failure.

Fake hard disk cleanup utilities and defragmentation tools have existed since the end of last year, but the security firm said emerging threats actually make critical changes on your computer to make it look as though the hard drive is failing.

Symantec showed how criminals are using a combination of attacks to convince users that their computer is failing. It used an example called Trojan.Fakefrag, which is dropped onto a computer, usually through a drive-by download.

Trojan.Fakefrag does a number of things to a Windows PC. As well as fake hardware failure messages, it can move the files in the 'all users' folder to a temporary location and hide files in the current user section. It can also change your background image, disable the task manager and delete registry entries.

Symantec researcher Eoin Ward said, "It does a really convincing job of making it appear as though something is wrong - the failure messages look just like something Windows would display. Plus, when it "deletes" files from your desktop, it does so in a very prominent way."

Once the user is freaked out enough about what's happening to their PC, they might well click on a message and launch a Windows recovery application, which is now linked on the desktop and start menu. It offers an 'UltraDefragger' utility available at the 'bargain' price of $80.

Ward said, "Fortunately with Trojan.Fakefrag all the files are still on your hard drive. A quick search will find anything you need - after you run an up-to-date antivirus scan to delete the Trojan of course." µ