Fake security software takes aim at Mac users
'Rogueware' plague expands from Windows to Mac OS, tries to dupe Apple users into paying $60-$80
Computerworld - Scammers are distributing fake security software aimed at the Mac by taking advantage of the news that al-Qaeda leader Osama Bin Laden has been killed by U.S. forces, a security researcher said today.
A security firm that specializes in Mac software called the move "a very big step forward" for malware makers targeting Apple's users.
Phony antivirus software, dubbed "rogueware" by security experts, has long plagued people running Microsoft Windows, but this is the first time scammers have targeted the Mac with a sophisticated, professional-looking security application, said Peter James, a spokesman for Intego, a Mac-only antivirus company headquartered in France.
"This is indeed a very big step forward for Mac malware," said James.
The program, dubbed MAC Defender, is similar to existing "rogueware," the term for bogus security software that claims a personal computer is heavily infected with malware. Once installed, such software nags users with pervasive pop-ups and fake alerts until they fork over a fee to purchase the worthless program.
Until now, rogueware has been exclusively targeting Windows PCs.
That's changed, according to Kurt Baumgartner, a senior malware researcher with Moscow-based Kaspersky Lab, who today said that one group distributing MAC Defender has also been actively spreading Windows rogueware.
"They have been revving up for this for months," said Baumgartner of the work to prep MAC Defender.
Last month, Baumgartner had reported that ".co.cc" domains -- which are often used to spread malware and host attack code-infected Web sites -- had begun to host fake security sites and deliver the "Best AntiVirus 2011" rogueware.
During his early-April sweep through the .co.cc domains, Baumgartner found a URL explicitly aimed at Macs: "antispyware-macbook(dot)co(dot)cc".
"It is very odd that this group is marketing 'Fast Windows Antivirus 2011' from 'macbook' domains," Baumgartner said at the time in a blog post.
Today, Baumgartner said that a group using .co.cc domains was serving up fake security software for Macs as part of a broader campaign to trick Windows users into downloading and installing phony programs.
That campaign is currently exploiting the hot news topic of Bin Laden's death to get people to click on links that redirect their browsers to the rogueware downloads. The scammers have used "black hat" SEO (search engine optimization) tactics to push links to rogueware higher on Google Images' search results.
But that's not the only way Mac owners have been duped into installing MAC Defender.
On Saturday -- the day before President Obama announced the killing of Bin Laden -- messages from infected users began appearing on Apple's support forums.
"What is macdefender and why is it trying to install itself on my computer?" asked someone identified as "wamabahama" on April 30.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts