A fake antivirus application is targeting Mac OS X computers using Apple's Safari browser. Cybercriminals pushing MAC Defender, named like the legitimate MacDefender antivirus product, are manipulating keywords to push malicious sites to the top of search results.
According to security experts, Mac users who visit one of the malicious sites will see a fake Windows screen featuring an animated image of a malware scan, which reports that their computers have been infected and may automatically download the scareware. If the file is installed, problems will periodically arise until the user pays for the bogus program.
For example, the bogus MAC Defender will periodically open pornographic web pages to convince users that they have been hit by a virus. The goal is to con victims into paying for the fake program, explained Intego, an authentic antivirus software maker.
Exploiting Search-Engine Trust
Similar malware attacks are commonly encountered on Windows machines. For example, the LizaMoon scareware that surfaced last month also attempts to fool PC users into downloading a fake antivirus program by using what superficially appears to be the name of a Microsoft product: Windows Stability Center.
However, the fact that malware sites have begun serving up a Mac version is new and extremely rare, wrote Intego security experts in a blog. "While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application and looks professional," they wrote.
To prevent unauthorized downloads and installations without the user's consent, security experts are advising Mac users to uncheck the "Open safe files after downloading" option in Safari and avoid running any installer unless the user specifically elected to download it.
Moreover, the use of the web as a primary attack vehicle is rapidly rising. Symantec reports that the volume of web-based attacks per day increased 93 percent year over year in 2010. And it expects this trend to continue through 2011 and beyond.
Meanwhile, Intego said its VirusBarrier X5 and X6 real-time scanners will detect the malware when it is downloaded. In addition, Intego's Web Threats will block any web pages containing the malicious code.
Posted: 2011-05-10 @ 2:44pm PT
My partner's G5 iMac was infected this week with a program of this kind. We reasoned that a simple program had snuck under the Mac defences but on rebooting with firefox as default browser the problem persisted.
A tech savvy friend suggested looking for unexpected programs in System Pref/Accounts/login items and there it was "Macprotector" top of the list. We removed it and BINGO! no more threats, no more porn pop ups.
Posted: 2011-05-07 @ 1:46am PT
How does one get rid of this junk?