Author Topic: Mac defender  (Read 269 times)

0 Members and 1 Guest are viewing this topic.

Offline skyblue1

  • Overlooked of the Aspie Elite
  • Elder
  • Obsessive Postwhore
  • *****
  • Posts: 8945
  • Karma: 737
  • Gender: Male
Mac defender
« on: May 26, 2011, 12:57:08 PM »


MAC Defender shows fake virus infection alerts in an effort to convince users to give up money and credit card numbers to an insecure server.Security firm Intego announced Monday that a fake antivirus program for Mac OS X has been discovered in the wild. While the threat potential remains low, inexperienced users could be fooled into paying to remove fake viruses "detected" by the software, and in the process, could end up giving credit card information to scammers.

The fake antivirus software calls itself "MAC Defender," perhaps the first hint that it should not be trusted (Apple makes "Macs," not "MACs"). Those behind the malware used SEO poisoning to make links to the software show up at the top of search results in Google and other search engines. Clicking the links that show up in search results brings up a fake Windows screen that tells the user a virus has been "detected," another clue that something is fishy. JavaScript code then automatically downloads a zipped installer for MAC Defender.

If the "Open 'safe' files after downloading" option is turned on in Safari, the installer will be unzipped and run. Since the installer requires a user password, it won't install without user interaction. However, inexperienced users may be fooled into thinking the software is legitimate.

Intego notes that the application is visually well designed and doesn't have numerous misspellings or other errors common to such malware on Windows, though it does seem to contain some sketchy grammar. The software will periodically display Growl alerts that various fake malware has been detected, and also periodically opens porn websites in the default browser, perhaps leading a user to believe the detected malware "threats" are real. Users are then directed to an insecure website to pay for a license and "clean" the malware infections. However, buying the license merely stops the fake alerts from popping up, but your money and credit card info is now in the hands of hackers.

While MAC Defender wouldn't likely fool an experienced user, Intego notes that its appearance in the wild is yet another opportunity to detail some useful security precautions. Don't let your browser automatically open downloads. If your browser asks if you want to run an installer even though you didn't try to download one, click "cancel." And never give your password to run installers you aren't 100 percent sure about


http://arstechnica.com/apple/news/2011/0...umbers.ars


___________________________________________________________________



After several days of pretending the problem didn't exist, Apple yesterday issued advice to users regarding the threat and announced that an upcoming OS X update would seek out and remove it. It's hard to believe that Apple would be naive enough to think that would be the end of it, but that may be the case.

Microsoft and dozens of PC software companies could tell Apple that generic solutions to threats such as these are extremely hard to construct, since they don't do anything malicious to the computer in the general sense of the term. All they do is display fancy fake scans and demand money. It's fairly easy for an experienced human to recognize these for what they are, but it's quite hard for software to do so without a significant chance of false positives. Indeed, PC security products have poor detection rates on this class of malware.

By issuing an update for Mac Defender has Apple created a precedent? If new variations of it, and new threats, start showing up every few days, will they issue updates in reaction? This is clearly a losing strategy.

The way it's handled on PCs is that security suites detect a high, if inadequate, percentage of rogue threats, but much of the burden rests with the user to know a scam when they see it. As hard as it has been to train PC users for this job, Mac users will be even harder to train.


http://blogs.pcmag.com/securitywatch/201...leased.php


--------------------------------------------------------------------------------

Offline bodie

  • Reflective Katoptronaphiliac of the Aspie Elite
  • News Box Slave
  • Maniacal Postwhore
  • *****
  • Posts: 14394
  • Karma: 2113
  • Gender: Female
  • busy re arranging deck chairs on board the Titanic
Re: Mac defender
« Reply #1 on: May 26, 2011, 03:10:50 PM »
People who make this kind of software are actually very intelligent,  don't understand why they use it in this way :thumbdn:
blah blah blah

Offline "couldbecousin"

  • Invincible Heisenweeble of the Aspie Elite
  • Elder
  • Postwhore Beyond Teh Stupid
  • *****
  • Posts: 53577
  • Karma: 2717
  • Gender: Female
  • You're goddamn right.
Re: Mac defender
« Reply #2 on: May 26, 2011, 03:39:46 PM »
 Something like this happens occasionally on my computer.  A page will suddenly pop up claiming to be affiliated with Windows Security,
 and claiming that my computer is dangerously infected.  It quickly runs a  "scan"  and lists all the viruses, Trojans and other stuff my computer is
 supposedly infected with, then offers downloadable software that will clean the computer and save it from crashing.  I tried to download it once,
 but my Trend Micro security software warned me not to, so I didn't.  Thank you, Trend Micro!  :-*
"I'm finding a lot of things funny lately, but I don't think they are."
--- Ripley, Alien Resurrection


"We are grateful for the time we have been given."
--- Edward Walker, The Village

People forget.
--- The Who, "Eminence Front"

Offline skyblue1

  • Overlooked of the Aspie Elite
  • Elder
  • Obsessive Postwhore
  • *****
  • Posts: 8945
  • Karma: 737
  • Gender: Male
Re: Mac defender
« Reply #3 on: May 26, 2011, 04:14:48 PM »
Something like this happens occasionally on my computer.  A page will suddenly pop up claiming to be affiliated with Windows Security,
 and claiming that my computer is dangerously infected.  It quickly runs a  "scan"  and lists all the viruses, Trojans and other stuff my computer is
 supposedly infected with, then offers downloadable software that will clean the computer and save it from crashing.  I tried to download it once,
 but my Trend Micro security software warned me not to, so I didn't.  Thank you, Trend Micro!  :-*
Good move. Did you run Trend afterwards to make sure no bad remants were left by the fake scan? :)

Offline "couldbecousin"

  • Invincible Heisenweeble of the Aspie Elite
  • Elder
  • Postwhore Beyond Teh Stupid
  • *****
  • Posts: 53577
  • Karma: 2717
  • Gender: Female
  • You're goddamn right.
Re: Mac defender
« Reply #4 on: May 26, 2011, 04:37:13 PM »
Something like this happens occasionally on my computer.  A page will suddenly pop up claiming to be affiliated with Windows Security,
 and claiming that my computer is dangerously infected.  It quickly runs a  "scan"  and lists all the viruses, Trojans and other stuff my computer is
 supposedly infected with, then offers downloadable software that will clean the computer and save it from crashing.  I tried to download it once,
 but my Trend Micro security software warned me not to, so I didn't.  Thank you, Trend Micro!  :-*
Good move. Did you run Trend afterwards to make sure no bad remants were left by the fake scan? :)

 Trend has actually run a scan on its own since then, but if this happens again I will be sure to run it.  :)
« Last Edit: May 26, 2011, 04:38:47 PM by couldbecousin »
"I'm finding a lot of things funny lately, but I don't think they are."
--- Ripley, Alien Resurrection


"We are grateful for the time we have been given."
--- Edward Walker, The Village

People forget.
--- The Who, "Eminence Front"

Offline ProfessorFarnsworth

  • Mad scientist at work
  • Elder
  • Obsessive Postwhore
  • *****
  • Posts: 5224
  • Karma: 528
  • Gender: Male
  • Good news everyone!
Re: Mac defender
« Reply #5 on: May 26, 2011, 08:52:21 PM »
It'd be a bit difficult for a fake virus scanner to fool me like that, I remember all the actual programs I'm using for protection, know their process names and how they normally behave.

I once had to manually defeat a virus because the old computer had no AV on it. Good ole MSDOS saved me a lot of hassle as you can delete registry settings and usually locked files from there. But since I usually keep my personal files off-computer, I can just factory reset it anyway or in some cases in the past, use ghost to re-image the drive.
Existence actually has two broad meanings despite its apparent meaningless. The constant reconciliation of all its parts, and the conservation of any closed system as a whole.

Morality can be extrapolated from these meanings to make these two commandments of godless morality: 1). Be in harmony with one another and 2). Care for the environment.

P7PSP

  • Guest
Re: Mac defender
« Reply #6 on: May 26, 2011, 08:54:22 PM »
Hacker scum should have their metacarpals broken with a 5 lb sledge.