In the last year, ransomware infections have taken over from scareware as the cybercriminals’ favorite mode of squeezing money out of their victims, but that doesn’t mean that scareware has disappeared altogether.
Avast researchers have recently spotted a piece of fake computer diagnostic software that goes by the name of “S.M.A.R.T. Repair”, which supposedly scans the victim’s machine and “detects” critical hard disk errors.
What’s interesting about this software is that once run, it cannot be closed in the normal way. “If you press the ‘X’ in the top right corner, it only minimizes,” the researchers point out. “If you right click the ‘S.M.A.R.T. Repair’ icon in the tray, there is no exit option.”
The malware starts “scanning” immediately after it’s run and, of course, finds many errors. In order to repair them, users are urged to buy the license for the software. Once they do, they are supplied with an activation code that makes the program “fix” the errors, reboot the computer, give an “all clear” report, and finally allow the user to quit the program.
Luckily for those who have picked up this piece of malware somewhere and are wondering how to get rid of it without paying, Avast researchers have analyzed it and discovered that the activation number is always the same: 08869246386344953972969146034087.
Once the number is entered and the program successfully registered, a message pops up thanking the user for purchasing the software and offering customer support. That message gives a clue about the scammers behind it.
The mentioned domain is hosted on a server located in the United Arab Emirates, but belongs to a Russian ISP. And it’s not the only one – a number of other domains are also hosted there, and they have all been registered on the same date by a fraudulent Chinese domain registrar.