Welcome to WebmasterWorld Guest from 54.166.46.226

Forum Moderators: travelin cat

Message Too Old, No Replies

Fake Mac Security Software Catching Out Users

   
4:17 pm on May 19, 2011 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Fake Mac Security Software Catching Out Users [bbc.co.uk]
A fake security program for Apple computers called MACDefender has racked up a significant number of victims.

Hundreds of people who installed the software have turned to Apple's forums for help to remove it.

The program's tactic of peppering screens with #*$!ographic pictures has made many keen to get rid of it.

MACDefender seems to have been successful because of the work its creators did to make it appear high up in search results.



Is the Mac now fare game? It used to be reasonably clear of scamware. Android/Chrome O/S will be next, i'm sure.

Earlier
MacOS Crimekit is disturbing news [webmasterworld.com]
5:28 pm on May 19, 2011 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



MACDefender seems to have been successful because of the work its creators did to make it appear high up in search results.

Some folks around here would probably like details ;)
8:28 pm on May 19, 2011 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I've always said the Mac was only secure because of it's relative obscurity in low numbers and now that Apple has managed to improve market penetration, so have the hackers.

People will be scrambling for Norton for Mac now.

Enjoy!

wondering where all the smarty pants are now that always jump on windows security issues claiming Mac did it right... bwahahahaha
8:30 pm on May 19, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



oh but all the mac people will tell you a Mac can't get viruses and malware, even apple will tell you the same thing in their commercials

:-P
2:11 pm on May 20, 2011 (gmt 0)

WebmasterWorld Administrator travelin_cat is a WebmasterWorld Top Contributor of All Time 10+ Year Member



J_RaD, only the ignorant people will say that. Just like on any platform.
4:41 pm on May 20, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Some folks around here would probably like details

Reports I have seen suggest that it has been exploiting high Google rankings for searches as diverse as "Osama bin Laden", "Mothers' Day" and "Frank Lloyd Wright". Google Image searches seem to be particularly affected. I have yet to see anyone blame a panda.

The host site apparently uses a pop-up window claiming infections have been detected and offering a scan - the scan (actually an animation) takes a few seconds and in some reports claims that viruses have been detected on the C drive (seriously).

Some variants do an immediate drive-by download of a .zip archive that may automatically be opened depending upon browser settings. Safari, Chrome and Firefox have all been cited.

It is not a virus. It is scareware and has to be installed manually. I have seen no reports of any actual system damage, though some people have paid for the program by credit card.

Removal is done by terminating the active process in Activity Monitor before deleting the application and any associated files found with a basic search.

Comments on various forums unsurprisingly confirm that idiots who own Macs are just as stupid as idiots who habitually use other platforms.

Enjoy!

Thank you.

...
4:47 pm on May 20, 2011 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Yeah, I did say it was scamware. ;)

Either way, as was rightly indicated, this will get worse as iPads/tablets and Android, etc., take off.
5:05 pm on May 20, 2011 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



It is not a virus. It is scareware and has to be installed manually.


Many viruses have to be installed manually as well, such as clicking the file attachment in the email.

It's more often human stupidity spreading a virus or a botnet than an actual OS vulnerability because people are stupid, naive and greedy and will often fall for anything like "click here to get your $500 Walmart gift certificate"
5:09 pm on May 20, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



this will get worse as iPads/tablets and Android, etc., take off

My understanding is that the same scamware (presumably under a different name) is also available for Windows, where a couple of hundred victims might be deemed insignificant.

What struck me here was how easily Google Image search is being exploited.

...
5:43 pm on May 20, 2011 (gmt 0)

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



where a couple of hundred victims might be deemed insignificant.


More than that have encountered this issue. The hundreds mentioned in the article are only the ones who have turned to the forums for help. ;)

+1 for incredibill. False sense of security and all that. It doesn't mean that Macs are as insecure as Windows. Just that hackers/scammers are turning to the next ripe target. I don't think any OS or device is hacker or exploit proof.
6:11 pm on May 20, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



I don't think any OS or device is hacker or exploit proof

I entirely agree.

But having looked at quite a lot of user reports, almost without exception those who knew how they had been infected with this particular nasty mentioned Google Image Search, and that is what I found most interesting.

...
4:37 am on May 21, 2011 (gmt 0)

10+ Year Member



An AppleCare support rep says this [zdnet.com] about what they're supposed to do about MacDefender when customers call them for help:

Our notice for Mac Defender is that we’re not supposed to help customers remove malware from their computer.
8:11 am on May 21, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



To be fair, the anonymous source continues:

"We give them links to Norton. McAfee, and Sophos."

All are reportedly effective in this case. Only one is free for home use, however.

A similar policy seems to apply at Apple stores, where staff are apparently instructed not to remove malware themselves (presumably because doing so is not covered in the customer "care plan") but to recommend the installation of reputable antivirus software.

Some of which may conveniently be available for purchase on the spot, of course.

Meanwhile, the "SEO poisoning" of Google Image Search seems to be a hot topic in its own right, and one which probably deserves its own (cross-platform) thread:

[krebsonsecurity.com...]

...
1:21 am on May 23, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member




but to recommend the installation of reputable antivirus software.

Some of which may conveniently be available for purchase on the spot, of course.


OUCH, to add insult to injury they don't fix your problem and SELL your something else.

I guess its better then saying, oh your imac got infected shoot just toss it and buy another one.
3:17 pm on May 23, 2011 (gmt 0)

WebmasterWorld Administrator travelin_cat is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Looks like another even more insidious phishing email is out:
We've received a number of warnings from readers over the last couple of weeks about fraudulent emails that look a lot like official Apple emails. These emails are structured just like Apple's promotional emails, but are actually attempts to lure unsuspecting customers into entering their Apple IDs and other personal information. Such so called "phishing" attempts are common and readers should be wary about following links from any emails.

[macrumors.com...]
2:18 pm on May 25, 2011 (gmt 0)

WebmasterWorld Administrator travelin_cat is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Apple has published instructions on how to remove the Mac Defender malware:

[support.apple.com...]
2:51 pm on May 25, 2011 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



This MacDefender thing was on the local news today and they said Apple is going to release some sort of "fix", whatever that could be.
4:10 pm on May 30, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Here is some worthwhile information from our friends at SANS.org:
[isc.sans.org...]

Users must be active in the install to have to worry about this malware. It pretends to a "useful" program. It's mostly social engineering. So, to answer the question in the initial post, "Is the Mac now fare game? It used to be reasonably clear of scamware," I would say no more or less than before.

incrediBILL said...

I've always said the Mac was only secure because of it's relative obscurity in low numbers and now that Apple has managed to improve market penetration, so have the hackers.

wondering where all the smarty pants are now that always jump on windows security issues claiming Mac did it right... bwahahahaha
This smarty pants, for one, is right here, still very, very happy not to have all of the pain and suffering caused by the sloppy work of Windows. You can continue to believe the myth that Apple's OS is not superior in the real world, but that's not going to make it true.
2:20 pm on Jun 1, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



security by obscurity.... isn't security at all, and they've been waving that flag wayyyyy to long, only a matter of time until someone paid attention to all of these unlocked doors.