MAC Defender shows fake virus infection alerts in an effort to convince users to give up money and credit card numbers to an insecure server.

Security firm Intego announced Monday that a fake antivirus program for Mac OS X has been discovered in the wild. While the threat potential remains low, inexperienced users could be fooled into paying to remove fake viruses "detected" by the software, and in the process, could end up giving credit card information to scammers.
The fake antivirus software calls itself "MAC Defender," perhaps the first hint that it should not be trusted (Apple makes "Macs," not "MACs"). Those behind the malware used SEO poisoning to make links to the software show up at the top of search results in Google and other search engines. Clicking the links that show up in search results brings up a fake Windows screen that tells the user a virus has been "detected," another clue that something is fishy. JavaScript code then automatically downloads a zipped installer for MAC Defender.
If the "Open 'safe' files after downloading" option is turned on in Safari, the installer will be unzipped and run. Since the installer requires a user password, it won't install without user interaction. However, inexperienced users may be fooled into thinking the software is legitimate.
Intego notes that the application is visually well designed and doesn't have numerous misspellings or other errors common to such malware on Windows, though it does seem to contain some sketchy grammar. The software will periodically display Growl alerts that various fake malware has been detected, and also periodically opens porn websites in the default browser, perhaps leading a user to believe the detected malware "threats" are real. Users are then directed to an insecure website to pay for a license and "clean" the malware infections. However, buying the license merely stops the fake alerts from popping up, but your money and credit card info is now in the hands of hackers.
While MAC Defender wouldn't likely fool an experienced user, Intego notes that its appearance in the wild is yet another opportunity to detail some useful security precautions. Don't let your browser automatically open downloads. If your browser asks if you want to run an installer even though you didn't try to download one, click "cancel." And never give your password to run installers you aren't 100 percent sure about.
http://arstechnica.com/apple/news/2011/0...umbers.ars
After several days of pretending the problem didn't exist, Apple yesterday issued advice to users regarding the threat and announced that an upcoming OS X update would seek out and remove it. It's hard to believe that Apple would be naive enough to think that would be the end of it, but that may be the case.
Microsoft and dozens of PC software companies could tell Apple that generic solutions to threats such as these are extremely hard to construct, since they don't do anything malicious to the computer in the general sense of the term. All they do is display fancy fake scans and demand money. It's fairly easy for an experienced human to recognize these for what they are, but it's quite hard for software to do so without a significant chance of false positives. Indeed, PC security products have poor detection rates on this class of malware.
By issuing an update for Mac Defender has Apple created a precedent? If new variations of it, and new threats, start showing up every few days, will they issue updates in reaction? This is clearly a losing strategy.
The way it's handled on PCs is that security suites detect a high, if inadequate, percentage of rogue threats, but much of the burden rests with the user to know a scam when they see it. As hard as it has been to train PC users for this job, Mac users will be even harder to train.
http://blogs.pcmag.com/securitywatch/201...leased.php