Saturday, March 29, 2008
The VERY SCARY Second Mac OS X Malware Arrives: Troj/MacSwp-B
"MacSweeper" from "Imunizator" sounds like slackerware right off the bat. In this case it is nasty spooky SCAREWARE! Run for your life, yawn, zzz.
This slackerware is actually a few weeks old, but since it was discovered by Sophos it has officially become 'malware'. The BIG question: What DAMAGE does this rubbish do to your Mac????
Nothing at all.
Thus I yawn.
So is this actually 'malware'? Well, it is in the sense that it takes advantage of the eternal 'wetware vulnerability' problem, damaging your personal sense of logic, scaring you into thinking you need to pay for this fraudulent crapware or your computer will meet a horrible doom. (And yes everyone, I was the one who invented the term 'crapware'. Seriously! I'm not kidding! - Well, actually a friend pointed out it is an obvious term that anyone could have created. So much for my creativity).
Then what does this thingy actually do? By definition this is SOCIAL ENGINEERING malware. It is a form of PHISHING. This particular method is very old, like well over a decade. Here is how it works:
1) You download the thing because it was offered at a nefarious website you shouldn't have visited. (NOTE: Instead you should have checked VersionTracker or MacUpdate to see if they had ever heard of it and consider it a worthwhile program, which they don't. Then you should have Googled its name to see if there are reports about its reputation).
2) You install and run it. (This is very naughty. Don't do this with anything you have not already verified to be legitimate and to have a good reputation).
3) It pretends to scan your Mac's "Universal Binnaries". (Again: Slackerware much?)
4) It then lies to you and says you have privacy violations that require your attention or you'll suffer the consequences. And of course the only way to avoid this terrible fate is to pay for this crapware in order to activate its ability to fix the fake problems.
5) You pay for the crapware. You lose your identity. The crooks use your identity to buy lots of toys and stiff you with the bill. They then sell your identity to others, and the stiffing continues until you or your credit card company gets the clue and stops payment, invalidating your card. And that's not fun, OK?
Do you need to buy anti-malware to protect you from Troj/MacSwp-B? NO. Clam will do nicely, thank you. Instead you should familiarize yourself with social engineering strategies. You can read about social engineering at:
Here is the source report of Troj/MacSwp-B:
You can read a snide evaluation of Troj/MacSwp-B at:
As MDN sez: "Do not download, authorize, and install software from unknown, untrusted Websites or any other sources."
Especially, never-ever provide your administrator password when installing or running ANY program unless you know absolutely, totally, fur shur that the software is legitimate. Otherwise you are giving away the farm and the malware rulz your Mac. And that's bad, OK?
Now go watch something really scary like the latest US political speech on CNN. Yes, mentally-challenged fascist vampires do exist.