Fake security software takes aim at Mac users
'Rogueware' plague expands from Windows to Mac OS, tries to dupe Apple users into paying $60-$80
Computerworld - Scammers are distributing fake security software aimed at the Mac by taking advantage of the news that al-Qaeda leader Osama Bin Laden has been killed by U.S. forces, a security researcher said today.
A security firm that specializes in Mac software called the move "a very big step forward" for malware makers targeting Apple's users.
Phony antivirus software, dubbed "rogueware" by security experts, has long plagued people running Microsoft Windows, but this is the first time scammers have targeted the Mac with a sophisticated, professional-looking security application, said Peter James, a spokesman for Intego, a Mac-only antivirus company headquartered in France.
"This is indeed a very big step forward for Mac malware," said James.
The program, dubbed MAC Defender, is similar to existing "rogueware," the term for bogus security software that claims a personal computer is heavily infected with malware. Once installed, such software nags users with pervasive pop-ups and fake alerts until they fork over a fee to purchase the worthless program.
Until now, rogueware has been exclusively targeting Windows PCs.
That's changed, according to Kurt Baumgartner, a senior malware researcher with Moscow-based Kaspersky Lab, who today said that one group distributing MAC Defender has also been actively spreading Windows rogueware.
"They have been revving up for this for months," said Baumgartner of the work to prep MAC Defender.
Last month, Baumgartner had reported that ".co.cc" domains -- which are often used to spread malware and host attack code-infected Web sites -- had begun to host fake security sites and deliver the "Best AntiVirus 2011" rogueware.
During his early-April sweep through the .co.cc domains, Baumgartner found a URL explicitly aimed at Macs: "antispyware-macbook(dot)co(dot)cc".
"It is very odd that this group is marketing 'Fast Windows Antivirus 2011' from 'macbook' domains," Baumgartner said at the time in a blog post.
Today, Baumgartner said that a group using .co.cc domains was serving up fake security software for Macs as part of a broader campaign to trick Windows users into downloading and installing phony programs.
That campaign is currently exploiting the hot news topic of Bin Laden's death to get people to click on links that redirect their browsers to the rogueware downloads. The scammers have used "black hat" SEO (search engine optimization) tactics to push links to rogueware higher on Google Images' search results.
But that's not the only way Mac owners have been duped into installing MAC Defender.
On Saturday -- the day before President Obama announced the killing of Bin Laden -- messages from infected users began appearing on Apple's support forums.
"What is macdefender and why is it trying to install itself on my computer?" asked someone identified as "wamabahama" on April 30.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts