
Macs targeted by new rogueware


Mac users, beware: A new rogue software masquerading as an anti-malware program is targeting your machines.

The "MAC Defender" rogueware tries to download automatically on Mac computers, then includes itself in the list of programs that will load on startup.

"This application is very well designed, and looks professional. There are a number of different screens, and the grammar and spelling are correct, the buttons are attractive, and the overall look and feel of the program give it a professional look. It will occasionally display alerts, telling users that viruses are found," security firm Intego said in a blog post.

Credit cards at risk

"The scam here is to charge users for a program that doesn’t do anything; the virus warnings presented are bogus, and after paying, they no longer display, so users think the program has done something useful. It is also possible that these credit card numbers, given via an unsecure web page, could be used for other purposes," it added.

Intego also noted the fact that sites offering rogue antivirus programs for Macs are "new and extremely rare."

According to Intego, the risk of the malware — listed as OSX/MacDefender.A — is relatively low and "not very widespread" for now.

But it pointed out that MAC Defender's makers use search engine optimization (SEO) poisoning attacks, which get malicious sites to appear at the top of search results.

Search optimized malware

"When a user clicks on certain links after performing a search on a search engine such as Google, they are sent to a web site that displays a fake Windows screen with an animated image showing a malware scan; a window then tells the user that their computer is infected. After this, JavaScript on the page automatically downloads a file," it said.

The downloaded file is a compressed ZIP archive and will open if the "Open 'safe' files after downloading" option in OSX's Safari browser is checked.
However, Intego also noted its realtime antivirus scanner will detect the installer as a "Trojan horse." It also said its Web Threats protection can detect Web pages that serve the installer.

Extent of infection

Intego said the malware adds itself to the user’s Login Items upon installation, so it will relaunch each time the user logs in or starts up the computer.

The application itself cannot be quit easily, as there is no Dock icon.

"MAC Defender also opens web pages for pornographic web sites in the user’s web browser every few minutes. This is most likely to make users think that they are infected by a virus, and that paying for MAC Defender will relieve them of the problem," Intego said.

Clicking the Register button on the About screen takes users to a web page where they can purchase a license for the program. The license is good for either one year, two years, or a lifetime.

However, users are also asked to provide a credit card number, and the web page used is not secure.

Steps for protection

Intego said users who unexpectedly see an installation screen should not go further and install the application.

It also suggested that users uncheck the “Open ‘Safe’ files after downloading” option in Safari, or similar options in other browsers.

"If a browser asks you if you want to run an installer when you did not expect to download an installer, always click the No or Cancel button," it said.

Also, it said its VirusBarrier X5 and VirusBarrier X6 software can protect users from this malware with malware definitions dated May 2, 2011 or later.

— TJD, GMA News
