Apple admits Mac scareware infections, promises cleaning tool

[~BD~]

David H. Lipman wrote:
<snip>
> ====
> This entry is available at
> http://www.us-cert.gov/current/index...cprotector_and


The user searches for something on the web and clicks on a link.
Sometimes the bad link is part of a comment left at a news site.

The page pops up various screens and graphics to make it appear as if
the web page has detected a virus on your Mac. It is all fake.

If you click on anything on that page, including the cancel button, a
you will download the malicious “Mac Defender” installer.

If you have “Open Safe Files After Downloading” then the installer will
launch and run.

At this point the installer asks for the admin password, to get
permission to install. The Mac Guard variant doesn’t ask for a password,
but still asks for permission to install.

If the user gives the password, it installs and infects the Mac.

Fake virus scanning screens appear and declare that the Mac is infected
with a virus, a credit card number is requested so that the Mac can be
cleaned.

http://macmost.com/mac-defender-trojan-malware.html

[Dustin]

~BD~ <~BD~@nomail.afraid.com> wrote in
news:b7KdnXm8x-dVbkPQnZ2dnUVZ8s2dnZ2d@bt.com:

> David H. Lipman wrote:
> <snip>
>> ====
>> This entry is available at
>> http://www.us-cert.gov/current/index...fender_macprot
>> ector_and
>
>
> The user searches for something on the web and clicks on a link.
> Sometimes the bad link is part of a comment left at a news site.
>
> The page pops up various screens and graphics to make it appear as
> if the web page has detected a virus on your Mac. It is all fake.
>
> If you click on anything on that page, including the cancel button,
> a you will download the malicious “Mac Defender” installer.
>
> If you have “Open Safe Files After Downloading” then the installer
> will launch and run.
>
> At this point the installer asks for the admin password, to get
> permission to install. The Mac Guard variant doesn’t ask for a
> password, but still asks for permission to install.
>
> If the user gives the password, it installs and infects the Mac.
>
> Fake virus scanning screens appear and declare that the Mac is
> infected with a virus, a credit card number is requested so that the
> Mac can be cleaned.
>
> http://macmost.com/mac-defender-trojan-malware.html

It's the same social engineering principle commonly used on Windows
systems. Evidently Mac users are just as gullable. [g]




--
Why drink the water from my hand?
Contagious as you think I am
Just tilt my sun towards your domain
Your cup runneth over again

[~BD~]

Dustin wrote:

> It's the same social engineering principle commonly used on Windows
> systems. Evidently Mac users are just as gullable. [g]

BD most certainly is *gullible*, Dustin!

However, I have never doubted your word on technical matters and,
contrary to what you seem to think, I believe you were on the right
track with BugHunter. It might have become another (an American
version!) of DrWeb Cureit!

http://www.freedrweb.com/cureit/

[Peter Foldes]

"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:b7KdnXm8x-dVbkPQnZ2dnUVZ8s2dnZ2d@bt.com...
> David H. Lipman wrote:
> <snip>
>> ====
>> This entry is available at
>> http://www.us-cert.gov/current/index...cprotector_and
>


BD

You posted a copy\paste again and I am 150% sure you have no idea what it meant. You
never do because you will come back in the next weeks or months asking with a post
reflecting on this one and asking in your layman ways as to what it means.

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect