New Virus Scam Attacks Macs
NewsFactor

Barry Levine, newsfactor.com – Fri May 20, 4:54 pm ET

A frequent debate topic between Mac and Windows fans is Apple's susceptibility to viruses and other malware. Some say Mac is an intrinsically safer platform, which is the reason given as to why Macs are not nearly as virus-prone as Windows ones. Others contend that, with their smaller market share, Macs are simply not a target worth hacking.

Now, a new fake anti-virus software is making more Mac owners virus-aware. According to news reports, AppleCare has indicated that calls related to this malicious app -- called MAC Defender, MacSecurity, or Mac Protector -- are up dramatically.

'SEO Poisoning Attacks'

A memo that has surfaced on the Web, reportedly an internal communication to Apple support staff, instructs how to handle such calls.

Key points in the memo include "do not confirm or deny that any such software has been installed," "do not attempt to remove or uninstall any malware software," and do not escalate or send the customer to the Apple Retail Store.

According to Mac security firm Intego, MAC Defender targets users of that platform primarily through "SEO poisoning attacks," in which Web sites with malicious code use search optimization tricks to rank at the top of search results. A user who clicks on that search result is sent to a Web site that shows a fake screen and a fake malware scan, after which it tells the user that the computer is infected.

Javascript on the page automatically downloads a compressed ZIP archive file. If the "open 'safe' after downloading" option in Safari is enabled, the file is them unzipped and the user is presented with a Setup Installer.

If the user proceeds with installation, MAC Defender launches. Intego describes the application as "very well designed," with a professional look, a number of different screens, attractive buttons, and correct spelling.

Malware Building Kit

Once installed, MAC Defender indicates that the computer is infected, and then opens Web pages for pornographic sites every few minutes. To counter the "virus," the user is prompted to buy into MAC Defender's "anti-virus" protection service.

After a credit card number has been entered into a license purchasing page, the Web porn and virus warnings stop. But there is no service, and the user has just given the malware authors a credit card number.

Intego recommends not installing the application to begin with, of course, and to uncheck the "open 'safe' files" option in Safari or other browsers.

This kind of fake anti-virus software has, for years, been the bane of many Windows users' existence, but this is the first time it's been designed for Mac. In fact, reports indicate that early versions of the malware still showed a Windows interface.

Although a rare example, MAC Defender/MacSecurity/Mac Protector is likely to be followed by an upsurge of such attacks. Macs now have an installed base big enough to be worthy of attention by hackers, and security experts have noted that a new Mac-oriented, point-and-click malware building kit is on sale in the criminal underground.

http://news.yahoo.com/s/nf/20110520/...d2aXJ1c3NjYW0-