Apple admits Mac scareware infections, promises cleaning tool

[~BD~]

Computerworld - Apple on Tuesday promised an update for Mac OS X that
will find and delete the MacDefender fake security software, and warn
still-unaffected users when they download the bogus program.

The announcement -- part of a new support document that the company
posted late Tuesday -- was the company's first public recognition of the
threat posed by what security experts call "scareware" or "rogueware."

"In the coming days, Apple will deliver a Mac OS X software update that
will automatically find and remove Mac Defender malware and its known
variants," Apple said in the document. "The update will also help
protect users by providing an explicit warning if they download this
malware."

Apple also outlined steps that users with infected Macs can take to
remove the scareware.

http://www.computerworld.com/s/artic..._cleaning_tool

[David H. Lipman]

From: "~BD~" <~BD~@nomail.afraid.com>

> Computerworld - Apple on Tuesday promised an update for Mac OS X that will find and
> delete the MacDefender fake security software, and warn still-unaffected users when they
> download the bogus program.
>
> The announcement -- part of a new support document that the company posted late
> Tuesday -- was the company's first public recognition of the threat posed by what
> security experts call "scareware" or "rogueware."
>
> "In the coming days, Apple will deliver a Mac OS X software update that will
> automatically find and remove Mac Defender malware and its known variants," Apple said
> in the document. "The update will also help protect users by providing an explicit
> warning if they download this malware."
>
> Apple also outlined steps that users with infected Macs can take to remove the
> scareware.
>
> http://www.computerworld.com/s/artic..._cleaning_tool


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Apple Mac Defender, MacProtector, and MacSecurity Fake Anti-Virus Software

Original release date: May 25, 2011 at 9:33 am
Last revised: May 25, 2011 at 9:33 am


Apple has released a security advisory related to the recent Mac fake
anti-virus software. The most common names for this fake anti-virus
software are MacDefender, MacProtector, and MacSecurity. This fake
anti-virus software is the result of a phishing scam targeting Mac
users that redirects them from legitimate websites to fake websites.
These fake websites notify the user that their computer is infected
with a virus, and the user is tricked into installing the fake
anti-virus software to solve the issue. The ultimate goal of the fake
anti-virus software is to steal the user's credit card information.

US-CERT encourages users to perform the following preventative
measures to help mitigate the risks:
* Review Apple article HT4650 for avoidance and mitigation
strategies.
* Do not follow unsolicited web links or attachments in email
messages.
* Review the Recognizing Fake Antivirus document for additional
information regarding fake antivirus software.

Apple plans to deliver a security update to address the issue. US-CERT
will provide additional details as they become available.

Relevant Url(s):
<https://www.us-cert.gov/cas/tips/ST10-001.html>

<http://support.apple.com/kb/ht4650>

====
This entry is available at
http://www.us-cert.gov/current/index...cprotector_and

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTd0RUz6pPKYJORa3AQKmXQf+INjOAIagRV1Z5kVHw+ 7f/DG6F78LMHRA
mUlXD/+xypn0Jw6qQToPs5Q05bPyl+xXGsF0KCi9Z5R87jfXBVMsI4Vh Jlsq13/l
4mPqUqYFp10jo1U0ifDEEjKGpb1VIxiKpWXiQeQill1XLDM9W/fVSDTm8M/PAdiV
SNVIPGJpn+3vOvZ/KD0j6qUrfkClaIgTlmRmVwJrlFm5E6zGlvC3jDw93tbm1h+P
hksTyW/2Ymch9uZ5xzowxVCSkRmNaEuic32CjDADBW0NkuHaY27o4IxGl 7dDrLNq
/7Gxm7KbAU7uGZEovFXKTE6rb0S4P1xXcsy0L9vbh9Q/feQegdoNMg==
=CDPa
-----END PGP SIGNATURE-----

--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp

[~BD~]

David H. Lipman wrote:
<snip>
> ====
> This entry is available at
> http://www.us-cert.gov/current/index...cprotector_and


The user searches for something on the web and clicks on a link.
Sometimes the bad link is part of a comment left at a news site.

The page pops up various screens and graphics to make it appear as if
the web page has detected a virus on your Mac. It is all fake.

If you click on anything on that page, including the cancel button, a
you will download the malicious “Mac Defender” installer.

If you have “Open Safe Files After Downloading” then the installer will
launch and run.

At this point the installer asks for the admin password, to get
permission to install. The Mac Guard variant doesn’t ask for a password,
but still asks for permission to install.

If the user gives the password, it installs and infects the Mac.

Fake virus scanning screens appear and declare that the Mac is infected
with a virus, a credit card number is requested so that the Mac can be
cleaned.

http://macmost.com/mac-defender-trojan-malware.html

[Dustin]

~BD~ <~BD~@nomail.afraid.com> wrote in
news:b7KdnXm8x-dVbkPQnZ2dnUVZ8s2dnZ2d@bt.com:

> David H. Lipman wrote:
> <snip>
>> ====
>> This entry is available at
>> http://www.us-cert.gov/current/index...fender_macprot
>> ector_and
>
>
> The user searches for something on the web and clicks on a link.
> Sometimes the bad link is part of a comment left at a news site.
>
> The page pops up various screens and graphics to make it appear as
> if the web page has detected a virus on your Mac. It is all fake.
>
> If you click on anything on that page, including the cancel button,
> a you will download the malicious “Mac Defender” installer.
>
> If you have “Open Safe Files After Downloading” then the installer
> will launch and run.
>
> At this point the installer asks for the admin password, to get
> permission to install. The Mac Guard variant doesn’t ask for a
> password, but still asks for permission to install.
>
> If the user gives the password, it installs and infects the Mac.
>
> Fake virus scanning screens appear and declare that the Mac is
> infected with a virus, a credit card number is requested so that the
> Mac can be cleaned.
>
> http://macmost.com/mac-defender-trojan-malware.html

It's the same social engineering principle commonly used on Windows
systems. Evidently Mac users are just as gullable. [g]




--
Why drink the water from my hand?
Contagious as you think I am
Just tilt my sun towards your domain
Your cup runneth over again

[Peter Foldes]

"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:b7KdnXm8x-dVbkPQnZ2dnUVZ8s2dnZ2d@bt.com...
> David H. Lipman wrote:
> <snip>
>> ====
>> This entry is available at
>> http://www.us-cert.gov/current/index...cprotector_and
>


BD

You posted a copy\paste again and I am 150% sure you have no idea what it meant. You
never do because you will come back in the next weeks or months asking with a post
reflecting on this one and asking in your layman ways as to what it means.

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect

[Bullwinkle.]

Do you still think you control your computers
100% of the time?


"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:VrSdnQwYnJ9xv0DQnZ2dnUVZ8mWdnZ2d@bt.com...
Computerworld - Apple on Tuesday promised an update for Mac OS X that
will find and delete the MacDefender

[~BD~]

Dustin wrote:

> It's the same social engineering principle commonly used on Windows
> systems. Evidently Mac users are just as gullable. [g]

BD most certainly is *gullible*, Dustin!

However, I have never doubted your word on technical matters and,
contrary to what you seem to think, I believe you were on the right
track with BugHunter. It might have become another (an American
version!) of DrWeb Cureit!

http://www.freedrweb.com/cureit/

[gaz]

~BD~ wrote:
> Computerworld - Apple on Tuesday promised an update for Mac OS X that
> will find and delete the MacDefender fake security software, and warn
> still-unaffected users when they download the bogus program.
>
> The announcement -- part of a new support document that the company
> posted late Tuesday -- was the company's first public recognition of
> the threat posed by what security experts call "scareware" or
> "rogueware."
> "In the coming days, Apple will deliver a Mac OS X software update
> that will automatically find and remove Mac Defender malware and its
> known variants," Apple said in the document. "The update will also
> help protect users by providing an explicit warning if they download
> this malware."
>
> Apple also outlined steps that users with infected Macs can take to
> remove the scareware.
>
> http://www.computerworld.com/s/artic..._cleaning_tool

Well done Apple. Will this be a one off or will OSX now become a source of
attack. These types of attacks as we all know are exceptionally common on
PCs and have all but drowned out the more traditional virus.

[David H. Lipman]

From: "gaz" <bkuh@blugh.com>

> ~BD~ wrote:
>> Computerworld - Apple on Tuesday promised an update for Mac OS X that
>> will find and delete the MacDefender fake security software, and warn
>> still-unaffected users when they download the bogus program.
>>
>> The announcement -- part of a new support document that the company
>> posted late Tuesday -- was the company's first public recognition of
>> the threat posed by what security experts call "scareware" or
>> "rogueware."
>> "In the coming days, Apple will deliver a Mac OS X software update
>> that will automatically find and remove Mac Defender malware and its
>> known variants," Apple said in the document. "The update will also
>> help protect users by providing an explicit warning if they download
>> this malware."
>>
>> Apple also outlined steps that users with infected Macs can take to
>> remove the scareware.
>>
>> http://www.computerworld.com/s/artic..._cleaning_tool
>
> Well done Apple. Will this be a one off or will OSX now become a source of attack. These
> types of attacks as we all know are exceptionally common on PCs and have all but drowned
> out the more traditional virus.

It isn't the first. Apples were also vulnerable to DNSChanger trojans.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp

[John_Doe]

David H. Lipman wrote:

> Apples were also vulnerable to DNSChanger trojans.

Are they *still* vulnerable to same, David?

How may one check? Do you have a helpful link to follow?

TIA