
FakeDiagnostics, Another Spin on FAKEAV

  • Posted on: December 9, 2010 at 1:17 pm
  • Posted in: Bad Sites, Malware, Mobile
  • Author: Jamz Yaneza (Threat Research Manager)

When was the last time you manually defragmented your hard drive? Or when did your OS last request that you do so?

Since 2005, modern desktop OSs have all embraced, in one form or another, self-maintaining systems and start-up diagnostics. One might then ask whether this means you no longer need to defragment your hard drive.

According to a post by Microsoft’s Windows Server Performance Team, defragmenting your hard drive is still worthwhile: it lets the system read contiguous blocks of data in one go, which means faster drive seek and read times. There is a caveat, however, and a big one. Files above 64MB are skipped by the defragmenter, as defragmenting them does not noticeably improve performance. This reiterates an earlier post from two years ago by the Storage Team, which stated that, thanks to improvements in NTFS (the journaling file system used by default since Windows XP), locating file fragments now takes so little time that defragmenting them is not worth the time and computational load on the PC.

64MB seemed rather large a decade or so ago, but today’s standard USB sticks (like those given away for free at electronics stores when you sign up for their catalogs) are 4GB, about 64 times that size. You can probably get some performance improvement when sorting your MP3 collection, whose files average about 3MB each, but if you’re looking to sort your PVR recordings from Windows 7 Media Center, you’re out of luck. Hard drive speeds have improved so much over the last few decades that even an older OS on newer hardware shows marked improvements. Solid State Drives (SSDs), anyone?

That brings us to the reason for this post. We were alerted to reports of fake hard drive diagnostic applications going around recently. Based on a few searches, the earliest reports date from around the first week of October this year. In the last few days, a rash of unique binaries has been foisted onto hapless users who may not be as informed as the readers of this blog now are.

A cursory look at the binaries seen so far shows that they originated from, or communicated with, the following IP address ranges (we suggest you start blocking these unless you are already protected by our security products powered by the Trend Micro™ Smart Protection Network™):

  • 62.122.72.0/23
  • 91.200.242.0/23
  • 91.212.127.0/24
  • 91.213.157.0/23
  • 95.169.160.0/19

Check Disk, Hard Drive Diagnostic, HDD Control, HDD Diagnostic, HDD Scan, Quick Defragmenter, Smart Defragmenter, System Defragmenter, Ultra Defragger, Scan Disk, and Win Defrag: these are the current aliases of this piece of scareware that users should be wary of. If you are tempted to install any of them, don’t. These are likewise blocked and flagged as TROJ_FAKEAL.CG.

As mentioned earlier, we saw several unique variants, but they all work alike. The one in the picture above is one particular sample from this group. Once the fake drive scan finishes, it asks for registration and activation.

And then, guess what: you are presented with a “secure and verified” phishing payment screen. Sound familiar? It should, because we posted an entry just last week on how to recognize FAKEAV.

An extra warning: a number of versions now come prepackaged with the TDSS rootkit, which we previously reported on as part and parcel of many other bots, including FAKEAV. As proof, some of the source IP addresses above came up in our monitoring for that specific malware family!
