Bogus Antivirus Malware Targets Mac Computers
By Mark Long / NewsFactor Network

A fake antivirus application is targeting Mac OS X computers using Apple's Safari browser. Cybercriminals pushing MAC Defender, whose name resembles that of the legitimate MacDefender antivirus product, are manipulating keywords to push malicious sites to the top of search results.

According to security experts, Mac users who visit one of the malicious sites will see a fake Windows screen featuring an animated image of a malware scan, which reports that their computers have been infected. The site may then automatically download the scareware. If the file is installed, problems will periodically arise until the user pays for the bogus program.

For example, the bogus MAC Defender will periodically open pornographic web pages to convince users that they have been hit by a virus. The goal is to con victims into paying for the fake program, explained Intego, an authentic antivirus software maker.

Exploiting Search-Engine Trust

Similar malware attacks are commonly encountered on Windows machines. For example, the LizaMoon scareware that surfaced last month also attempts to fool PC users into downloading a fake antivirus program by using what superficially appears to be the name of a Microsoft product: Windows Stability Center.

However, the fact that malware sites have begun serving up a Mac version is new and extremely rare, wrote Intego security experts in a blog post. "While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application and looks professional," they wrote.

Like other Internet scams targeting Windows PCs, the bogus MAC Defender exploits the user's trust in the search engine being used. What's significant about the new Mac threat is that the scareware's makers have embedded JavaScript into their malware web pages to compel browsers like Safari to automatically download the app.

A JavaScript-Based Attack

To prevent downloads and installations without the user's consent, security experts are advising Mac users to uncheck the "Open safe files after downloading" option in Safari and to avoid running any installer they did not specifically elect to download.
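
One way to audit that Safari option on a Mac, as an added example that is not part of the original article. The preference key `AutoOpenSafeDownloads`, the two preference-file locations, and the choice to treat a missing key as enabled are assumptions about Safari; the sample plists are constructed.

```python
import plistlib
from pathlib import Path

# Preference key assumed to back "Open safe files after downloading".
KEY = "AutoOpenSafeDownloads"

# Assumed locations of Safari's preferences (sandboxed and older layouts).
CANDIDATES = [
    "Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist",
    "Library/Preferences/com.apple.Safari.plist",
]


def auto_open_enabled(plist_bytes, default=True):
    """Return True if Safari would open 'safe' downloads automatically.

    A missing key counts as enabled (assumption: the option ships checked).
    """
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    return bool(prefs.get(KEY, default))


def audit_home(home):
    """Check every candidate plist under one home directory."""
    findings = []
    for rel in CANDIDATES:
        path = Path(home) / rel
        try:
            enabled = auto_open_enabled(path.read_bytes())
        except FileNotFoundError:
            continue  # this layout is not present for the user
        except Exception as exc:  # malformed plist or no read permission
            findings.append((str(path), "unreadable: %r" % exc))
            continue
        status = "RISK: auto-open on" if enabled else "ok: auto-open off"
        findings.append((str(path), status))
    return findings


# Constructed sample preferences, not taken from a real machine.
SAMPLE_ON = plistlib.dumps({"HomePage": "about:blank"})  # key absent
SAMPLE_OFF = plistlib.dumps({KEY: False}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for path, status in audit_home(Path.home()):
        print(path, status)
```
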

According to Symantec, one of the appeals of JavaScript to attackers is that it's a cross-browser, multi-platform technology. "This means that it runs on almost every web browser and operating system available -- a claim few other technologies can make," says Symantec's latest Internet Security Threat Report.

Moreover, the use of the web as a primary attack vehicle is rapidly rising. Symantec reports that the volume of web-based attacks per day increased 93 percent year over year in 2010. And it expects this trend to continue through 2011 and beyond.

Meanwhile, Intego said its VirusBarrier X5 and X6 real-time scanners will detect the malware when it is downloaded. In addition, Intego's Web Threats protection will block any web pages containing the malicious code.

Tell Us What You Think


Andy Cordy:
Posted: 2011-05-10 @ 2:44pm PT
My partner's G5 iMac was infected this week with a program of this kind. We reasoned that a simple program had snuck under the Mac defences but on rebooting with Firefox as default browser the problem persisted.
A tech-savvy friend suggested looking for unexpected programs in System Pref/Accounts/login items and there it was "Macprotector" top of the list. We removed it and BINGO! no more threats, no more porn pop-ups.

Jay Banta:
Posted: 2011-05-07 @ 1:46am PT
How does one get rid of this junk?


© Copyright 2014 NewsFactor Network, Inc. All rights reserved.