Scareware hides files and folders, offers fix for $80

BitDefender researchers have recently come across a nasty piece of scareware that tricks victims into believing that all their files and folders have disappeared due to hard disk issues and urges them to buy a disk repair utility that will solve the problem for a price of $80.

The scareware itself is installed on the victims’ computer via Win32.Brontok.AP@mm, a well known mass mailer worm that spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer, but can also copy itself to USB and pen drives.

“It copies itself in every folder on the infected stick under the name of that folder,” explain the researchers. “It adds an .exe extension that remains hidden from users. This is an indicator that it needs the user to recognize, trust, click and thus install it on the PC.”

The worm also disables antivirus and security software, prevents users from updating it and from modifying Windows Explorer folder options – all things that pave the way for a successful execution of the scam perpetrated via the aforementioned scareware, which starts its crusade by hiding files and folders present on the machine by modifying their attributes and setting them to “hidden”.

Even if the users guess why the files and folders are “missing”, they can’t do anything about it, as the Brontok worm prevents them to change the settings to “visible”.

The scareware poses as a disk repair utility by the name of “Windows XP Repair” and starts warning the victims about unsolved disk issues and the possibility of losing their precious data. At the same time, it begins displaying error windows that seem to come from the OS itself, thus adding to the illusion.

Unfortunately, even if the users pay the $80 for the advertised repair utility, it will do nothing to restore their computer to its previous state.