cybercore

A fake antivirus application is targeting Mac OS X computers using Apple's Safari browser. Cybercriminals pushing MAC Defender, named like the legitimate MacDefender antivirus product, are manipulating keywords to push malicious sites to the top of search results.

According to security experts, Mac users who visit one of the malicious sites will see a fake Windows screen featuring an animated image of a malware scan, which reports that their computers have been infected and may automatically download the scareware. If the file is installed, problems will periodically arise until the user pays for the bogus program.



For example, the bogus MAC Defender will periodically open pornographic web pages to convince users that they have been hit by a virus. The goal is to con victims into paying for the fake program, explained Intego, an authentic antivirus software maker.



Exploiting Search-Engine Trust

Similar malware attacks are commonly encountered on Windows machines. For example, the LizaMoon scareware that surfaced last month also attempts to fool PC users into downloading a fake antivirus program by using what superficially appears to be the name of a Microsoft product: Windows Stability Center.

However, the fact that malware sites have begun serving up a Mac version is new and extremely rare, wrote Intego security experts in a blog. "While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application and looks professional," they wrote.

Like other Internet scams targeting Windows PCs, the bogus MAC Defender exploits the user's trust in the search engine being used. What's significant about the new Mac threat is that the scareware's makers have embedded JavaScript into their malware web pages to compel browsers like Safari to automatically download the app.



JavaScript-Based Attack

To prevent unauthorized downloads and installations without the user's consent, security experts are advising Mac users to uncheck the "Open safe files after downloading" option in Safari and avoid running any installer unless the user specifically elected to download it.

According to Symantec, one of the appeals of JavaScript to attackers is that it's a cross-browser, multi-platform technology. "This means that it runs on almost every web browser and operating system available -- a claim few other technologies can make," says Symantec's latest Internet Security Threat Report.

Moreover, the use of the web as a primary attack vehicle is rapidly rising. Symantec reports that the volume of web-based attacks per day increased 93 percent year over year in 2010. And it expects this trend to continue through 2011 and beyond.





Solution
The information provided highlights a concerning trend where fake antivirus applications, specifically targeting Mac OS X computers through Apple's Safari browser, are being used by cybercriminals to trick users into downloading malicious software. Here's a breakdown of the key points mentioned in the text:

1. Fake Antivirus Scam Overview:
- Cybercriminals are using tactics to manipulate search engine results to push malicious sites to the top of searches targeting Mac users.
- When users visit these malicious sites, they are greeted with a fake Windows screen showing a malware scan report, claiming their computers are infected and may lead to the automatic download of scareware.
- The scareware, called MAC Defender, aims to deceive users into paying for the fake program by creating the illusion of computer issues, including the periodic opening of inappropriate web pages.

2. Search-Engine Trust Exploitation:
- Similar tactics have been commonly seen on Windows machines, like the LizaMoon scareware targeting PC users.
- The emergence of Mac-specific malware like MAC Defender is rare as noted by security experts from Intego, with a professionally designed Mac application masquerading as a legitimate antivirus software.
- The use of JavaScript on the malware web pages tricks browsers such as Safari into automatically downloading the malicious application, leveraging the user's trust in search engines.

3. JavaScript-Based Attacks:
- Security recommendations advise Mac users to disable the "Open safe files after downloading" option in Safari and refrain from running any installers unless intentionally downloaded.
- Symantec points out that JavaScript is a preferred tool for attackers because it is cross-browser and multi-platform, making it versatile and widely compatible.
- The use of JavaScript in web-based attacks is on the rise, with Symantec reporting a significant increase in daily web-based attacks in recent years, expecting this trend to continue in the future.

Given the sophistication and adaptability of these fake antivirus tactics, users, especially Mac users, are advised to remain cautious while browsing, avoid clicking on suspicious links, and regularly update their security software to defend against such malware threats.
 

