Thursday, May 5, 2011

"Mac Security" Scamware:
Variations on a Fake

How I love the hunt!

Today's prey is an Internet rat known as species 'Scamware stupidicus'.

The rats who brought you the scamware (rogueware) "MAC Defender" (see my previous blog post) have now tweaked their code slightly and renamed the thing "Mac Security" with an installer entitled "BestMacAntivirus2011.mpkg.zip" which expands to the installer file "MacSecurity.mpkg". Expect there to be other name variations.

Good old Intego discovered this new variation, posting an article and a "How It Works" video here:

Intego Discovers New Variants of Mac Defender Fake Antivirus

You can directly watch the video on YouTube HERE.


Intego have updated their Virus Barrier malware signatures to detect this new rodent excrement.

What is hilarious about this scamware is the LAZINESS of the hacker rats who wrote it. The interface for the scamware is that of Microsoft WINDOWS!!! Hardy har. If you've used Windows in the last decade, you'll spot it immediately as BOGUS.


At this time the dangers are:

A) You fork out $money$ to buy useless garbage.

B) You give away your CREDIT CARD to criminals. It's as good as posting your card publicly on the Internet.

C) You give away your computer's PASSWORD. (This is now clearly evident from Intego's provided video). Consider yourself as good as PWNed (i.e. botted, i.e. zombied, i.e. no longer in control of your computer). So far the Trojan horse software is 'empty', containing nothing dangerous. But it could! Most likely, future variations will.

As with all current Mac malware, this POS relies upon social engineering, aka LUSER behavior, to entice the user to install it. Don't do that!

To keep ourselves safe, let's chant the mantra of...

The Top Two Rules Of Computing:

I) Make A Backup.

II) Verify All Software Before Installing It Or Running It.

(I'm considering using the following as Rule III:
III) Verify all links before clicking them).

Happy shooting!
--

2 comments:

  1. How do you delete it off your computer?

  2. The folks at MacScan have provided two alternative "Removal Instructions" for MAC Defender. (At this time there is nothing specific to the "Mac Security" scamware):

    http://macscan.securemac.com/mac-defender-analysis-and-removal-instructions/

    At the moment their posting is apparently either incomplete or has errors. Images are missing from the "Method One" instructions.

    I'm writing up my own generic instructions for rogue application removal, which you will find as the next article on this blog.

    :-Derek
