Jump to content

New Viruses for Mac


3 posts in this topic

Recommended Posts

It seems that Macs are no longer the redheaded step child for viruses. The windows communities decided that sharing their "Windows defender" virus was the nice thing to do. So now we have to look out for a fake Antivirus program named (What else but) Mac Defender. Anyone familiar with the windows version of this virus knows what a problem this little virus can be. So lets watch the sites that we go to, and the searches that we preform.

 

 

Here is the article from eweek.com

 

http://www.eweek.com/c/a/Security/Fake-AV-...h-Links-644121/

 

 

Attackers are distributing a fake antivirus specifically designed to look like a real Mac OS X application using poisoned search results.

Relying on the supposed “invulnerability” of Apple’s operating system got even riskier as malware developers have launched a rogue antivirus specifically targeting Mac OS X users, according to a security firm.

 

The bogus antivirus program, called MAC Defender downloads itself onto the user’s computer and automatically launches a scanner to “find” several viruses on the system, security firm Intego said May 2. The rogue software is taking the name of the legitimate MacDefender program in order to trick users into thinking it’s a real security software.

 

“In the past,” the company wrote, “these types of sites—very common vectors of Windows malware—only delivered Windows .exe applications. The fact that such a site is providing a Mac rogue antivirus is new, and extremely rare. While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application.”

 

Intego claimed the makers of this scareware have used black hat search engine optimization tactics to boost malware Websites to the top of Google and other search engine results for some keywords. Neither Sophos nor Intego identified the affected keywords, although some users told The Next Web they were infected while looking at images of piranhas.

 

The professional-looking software has been seen on both Google image search and on regular search results pages. When users click on the rogue link, they are redirected to a Website containing malicious JavaScript code that displays a fake scan with a results window claiming the system has been infected. The code also analyzes whether the user is running Windows or Mac OS X and downloads a compressed ZIP file customized for the operating system.

 

If the user has the “open safe files” option checked in Safari, or a comparable option in other browsers, then the rogue file opens on its own, according to Intego. Intego recommended turning off the option that allows files to open automatically.

 

If a user gets this far, they can still stop the infection, as the installer will cause the system to prompt the user for a system password before installing the “MACDefender Setup” program.

 

“This latest attack can be very convincing, as the malware pretends to be a legitimate Mac anti-virus program called MacDefender and claims to find some very important applications and functions that may have been compromised," Chester Wisniewski, Sophos senior security advisor, wrote on the NakedSecurity blog.

 

MACDefender tries to convince users to enter credit card information to buy a one-year license for $59.95, a two-year license for $69.95 or a “lifetime” software license for $79.95 to remove the supposed infection.

 

“What is really at risk is your credit card information if you succumb to the attack and provide your information,” Wisniewski said.

 

The application attaches itself to the computer’s launch menu and has no dock icon, making it difficult to quit. MAC Defender also opens Web pages for adult content Websites in the user’s Web browser every few minutes; this tricks users into thinking their machines are infected by a virus, according to Intego.

 

It’s not clear whether MAC Defender was acting as a virus or as a form of scareware designed to steal Mac users’ credit card details, but for the moment, it seems pretty low-risk because it still requires user interaction to actually install the malware. Just downloading the file won’t infect the computer, according to Intego.

 

To remove the MACDefender application, users should go to Activity Monitor in Applications/Utilities and disable anything that relates to the file. Users should look for any references to the scareware in Startup Items, Launch Agents and LaunchDaemons and quit running processes. Finally, users should drag the MAC Defender application to the trash and trash any other MACDefender reference found under Spotlight.

Link to comment
Share on other sites

wow. I'm scared.

 

Not.

 

Its the same as using Windows without AV. Just be careful ffs. If you don't download every single file you see or go "oo! this random website says I have a virus! must download av it recommends" you'll be fine.

 

Haven't used anti-virus in Windows for about 6 years. And I haven't had a problem...

 

So in short: don't be an idiot. -.-

Link to comment
Share on other sites

wow. I'm scared.

 

Not.

 

Its the same as using Windows without AV. Just be careful ffs. If you don't download every single file you see or go "oo! this random website says I have a virus! must download av it recommends" you'll be fine.

 

Haven't used anti-virus in Windows for about 6 years. And I haven't had a problem...

 

So in short: don't be an idiot. -.-

 

HA! Hahahahahaha!

 

By the matrix, you might be a kindred human. Don't be an idiot is a line I love to use and it really sums up many issues like this.

 

I also have not used any type of Anti-Virus stuff for Windows in years. Never have had a problem, and I keep track of the inner workings of Windows because of all the security problems that could happen. All it takes is "don't click the link/open the app/or click YES" to pretty much null and void most mal-code attacks. The list goes on and on of course.

 

I do like the fact that OS X was too obscure for most mal-code programmers to bother with but I guess, as it should be assumed as OS X grows in use, it won't be the case forever. I'd wager the average Mac user doesn't have a clue about things like this and since many are accustomed to not having to "worry" -which is somewhat foolish, nothing is perfect- scams like this could take a heavy toll.

 

The bad part for anyone that isn't the average user, this could mean bad things. Apple doesn't already like users having control over the software users buy and this could prompt Apple to inflict more control and restrictions on how we use OS X.

Link to comment
Share on other sites

 Share

×
×
  • Create New...