Zero Day

Ryan Naraine and Dancho Danchev

New MAC OS X scareware delivered through blackhat SEO

By | May 4, 2011, 4:25am PDT

Summary: Researchers from Intego have intercepted a new scareware sample targeting Mac OS X.

Researchers from Intego have intercepted a new scareware sample targeting Mac OS X.

Named MACDefender, the scareware sample shows a bogus interface insisting that the end user is infected and that their OS is in an insecure state. The researchers emphasize the social engineering elements of the scareware, including the fact that although the site shows a fake Windows screen, the scareware itself is a well-designed Mac application with no spelling or grammar mistakes in its description.

The scareware will periodically open pornographic content on the affected Mac in order to trick users into thinking they're infected with malware. The scareware is sold for $59,95 as part of a scareware affiliate network targeting Mac OS X users in particular.

Users are advised to exercise extra caution when dealing with suspicious downloads, especially ones delivered through blackhat search engine optimization techniques.


Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter

Talkback Most Recent of 104 Talkback(s)

  • LOL
    And so it begins.
    Hallowed are the Ori
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    @Hallowed are the Ori

    begins? malware is not new on Macs.

    This one is so good it even requires an admin user name and password to get installed and run happy
    doh123
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    @doh123

    Just like most scareware on Windows. Also I think you will find that most unsuspecting computer users will fall for this and escalate the privileges just like they do on Windows.
    bobiroc
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    @doh123 This one is so good it even requires an admin user name and password to get installed and run

    Whew... I was worried there for a second. But you've convinced me that there are no gullible Mac users. Thanks for that. wink
    Badgered
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    @others
    You shouldn't read into things. I just implied it's funny, not that it's different than Windows, or good or bad or whatever.
    doh123
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    @doh123

    Hard to get humor out of text sometimes. I guess after years of hearing Mac Users and Linux users saying "Well it requires admin privileges to run" as an excuse to make them feel like they are protected it has to be said that the majority of Malware on the Windows side does too.
    bobiroc
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    I guess after years of hearing Mac Users and Linux users saying "Well it requires admin privileges to run" as an excuse to make them feel like they are protected...

    It still does, bobiroc. Been using Linux for almost five years now and am still malware free. If that scareware appeared on my Linux screen, I'd laugh.
    ScorpioBlue
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    @ScorpioBlue

    "It still does, bobiroc. Been using Linux for almost five years now and am still malware free. If that scareware appeared on my Linux screen, I'd laugh."

    I have been using Windows as my primary OS since version 3.0 and have been Malware free for over 10 years. I would laugh too if I ever saw such a thing. The problem is most typical computer users would not as these things are very convincing and prey on the insecurities of people. It is the same reason that people fall for the very popular social engineering attacks that are running rampant on Facebook, Twitter, and Skype which can affect anyone no matter what Operating System they use.
    bobiroc
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    Ah, but the big difference, bobiroc, is that I don't have to have anti-virus or anti-malware scanners running in the background all the time. All my software needs are met through the package repository.

    You should try it sometime. Might open your mind up some.
    ScorpioBlue
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    @ScorpioBlue

    "Ah, but the big difference, bobiroc, is that I don't have to have anti-virus or anti-malware scanners running in the background all the time. All my software needs are met through the package repository.

    You should try it sometime. Might open your mind up some."

    Who said I was unfamiliar with Linux? All I said is that Windows is my primary OS but I have and use a MacBook bootcamped with OS 10.6 and Win7 and while I am not a Linux expert by any means I do use the OS both personally and professionally.

    People have been saying you do not need malware protection on a Mac for years too, because they felt the OS would protect them, but those days are slowly changing. While I will admit that XP really could have done a bit of a better job in terms of security, Vista and 7 do a pretty damn good job. If people would set up their users as standard, that would be a good start.

    I choose not to use Linux as it does not meet my software needs but I also am intelligent enough to know that I need to rely on myself to secure my computer, my home, and my car. Most people are just not willing to put forth the effort for their own personal security and have the "It will never happen to me" attitude.
    bobiroc
    4th May
  • but the need for admin privileges is important
    The need for admin privileges is a good thing, obviously. But since most Macs are personal, home machines ... or those of students ... it's not likely to mean much. Far too many home users will blindly enter their admin credentials when confronted with a dialog box, without giving any thought to what they're allowing to be installed.

    Admin privileges are especially effective in corporate environments, however, where end-users typically don't have admin rights. I don't allow our end-users to have admin accounts. Only IT staff can access an admin account, but even they are required to use a standard account for daily work and only escalate to admin when needed.

    Such a process would prevent -- and does prevent, in the Windows world -- countless infections. But home users all tend to know the admin password ... and conveniently don't read or think about the dialogs.

    Hard to blame Apple or Microsoft for users' own stupidity. Then again, though, it would be good if Apple & MS would sandbox newly-installed (or just user-installed) apps and monitor them for malicious/suspicious behavior and perhaps only allow read-only access to files for sandboxed apps.
    jscott69
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    @doh123 The very first virus I saw in the wild was on a Mac. Long before even the Internet.
    fairportfan
    4th May
  • RE: New MAC OS X scareware delivered through blackhat SEO
    @doh123 Funny how Apple poked fun at Cancel or Allow and it's the same ****. If you get a user to believe there's a threat they won't have a problem with doing this. This is how a lot of malware spreads in the Windows world.
    snoop0x7b
    4th May
  • Didn't I tell you not to base your information on things you find...
    @ScorpioBlue; Ah, but the big difference bobrioc is that I don't have to have anti-virus or anti-malware scanners running in the background all the time.

    ...on the Internet? You'll be much more qualified to discuss these things based on actual experience and not some repetition of one of the worst security recommendations to be found.
    ye
    4th May
  • That's OK ScorpioBlue
    @ScorpioBlue
    So this was geared towards "AV". What if it comes up with a "system alert function" of some type that a user may think is a problem needing "correction"?

    They'd press the button saying "Macs are great - they even warn you when it detects a hardware issue!! Windows just Blue Screens!"

    "Yes, username, password,"
    Bill Pharaoh
    4th May