Feeds

New Mac fake-defenders similar to Windows scareware

Added feature: Porn, drug sites opened at random

Secure remote control for conventional and virtual desktops

Researchers at Microsoft have discovered striking similarities between the recently emerged wave of scareware packages targeting Mac fans and the longer established rogue anti-virus applications for Windows.

MacDefender falsely warns that Mac OS X machines are infected with malware in a bid to trick prospective marks into buying a supposed security package that actually does more harm than good. Like its Windows cousin, the scam starts after users are tricked – via search engine manipulation and other ruses – into visiting an imitation scanner interface.

But the similarities between MacDefender (dubbed FakeMacdef) and Winwebsec, a strain of scareware for Windows machines, go far deeper than that.

For one thing, the URL format that FakeMacdef calls home is almost identical to that which we see in Winwebsec. In additional, the purchase pages use the same payment gateway. Finally, as a blog post by Microsoft illustrates, the interfaces on both products are almost the same.

The one main difference between MacDefender and its Windows-targeting siblings is that the Mac-targeting malware is more aggressive. MacDefender frightens users further by loading adult-oriented or pharmaceutical websites at random intervals. These sites themselves aren't infected by malware, but are loaded in order to trick Mac users into thinking they really are infected – and that MacDefender offers the best way out of the supposed mess, Microsoft said.

FakeMacdef loads most of its resources from a directory named "ru.lproj", suggesting the developer may be a Russian language speaker.

At least three Mac-targeting scareware packages have been doing the rounds this month: Mac Defender, Mac Protector and Mac Security. All three are bogus but don't expect Apple to tell you that, much less talk customers through the process of getting rid of the nuisance.

Standing orders, leaked this week, mean that Apple consumer rights people are told to neither confirm nor deny Mac infections.

The internal document, entitled About 'Mac Defender' Malware, further instructs Apple support personnel "not [to] provide support for removal of the malware". ®

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.