Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 14 MINUTES AGO.
You are here: Home / Apple/Mac / Bogus Antivirus Product Targets Macs
Bogus Antivirus Malware Targets Mac Computers
Bogus Antivirus Malware Targets Mac Computers
By Mark Long / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MAY
02
2011
A fake antivirus application is targeting Mac OS X computers using Apple's Safari browser. Cybercriminals pushing MAC Defender, named like the legitimate MacDefender antivirus product, are manipulating keywords to push malicious sites to the top of search results.

According to Relevant Products/Services experts, Mac users who visit one of the malicious sites will see a fake Windows screen featuring an animated image of a malware scan, which reports that their computers have been infected and may automatically download the scareware. If the file is installed, problems will periodically arise until the user pays for the bogus program.

For example, the bogus MAC Defender will periodically open pornographic web pages to convince users that they have been hit by a virus. The goal is to con victims into paying for the fake program, explained Intego, an authentic antivirus software maker.

Exploiting Search-Engine Trust

Similar malware attacks are commonly encountered on Windows machines. For example, the LizaMoon scareware that surfaced last month also attempts to fool PC users into downloading a fake antivirus program by using what superficially appears to be the name of a Microsoft product: Windows Stability Center.

However, the fact that malware sites have begun serving up a Mac version is new and extremely rare, wrote Intego security experts in a blog. "While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application and looks professional," they wrote.

Like other Internet scams targeting Windows PCs, the bogus MAC Defender exploits the user's trust in the search engine being used. What's significant about the new Mac threat is that the scareware's makers have embedded JavaScript into their malware web pages to compel browsers like Safari to automatically download the app.

A JavaScript-Based Attack

To prevent unauthorized downloads and installations without the user's consent, security experts are advising Mac users to uncheck the "Open safe files after downloading" option in Safari and avoid running any installer unless the user specifically elected to download it.

According to Symantec, one of the appeals of JavaScript to attackers is that it's a cross-browser, multi-platform technology. "This means that it runs on almost every web browser and operating system available -- a claim few other technologies can make," says Symantec's latest Internet Security Threat Report.

Moreover, the use of the web as a primary attack vehicle is rapidly rising. Symantec reports that the volume of web-based attacks per day increased 93 percent year over year in 2010. And it expects this trend to continue through 2011 and beyond.

Meanwhile, Intego said its VirusBarrier X5 and X6 real-time scanners will detect the malware when it is downloaded. In addition, Intego's Web Threats Relevant Products/Services will block any web pages containing the malicious code.

Tell Us What You Think
Comment:

Name:

Andy Cordy:
Posted: 2011-05-10 @ 2:44pm PT
My partner's G5 iMac was infected this week with a program of this kind. We reasoned that a simple program had snuck under the Mac defences but on rebooting with firefox as default browser the problem persisted.
A tech savvy friend suggested looking for unexpected programs in System Pref/Accounts/login items and there it was "Macprotector" top of the list. We removed it and BINGO! no more threats, no more porn pop ups.

Jay Banta:
Posted: 2011-05-07 @ 1:46am PT
How does one get rid of this junk?

Like Us on FacebookFollow Us on Twitter
MORE IN APPLE/MAC
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.