Windows-look security hoax=MACDefender

Posted: Wed May 04, 2011 8:46 am
by Stephen Hart
I read the quoted post on Macintouch today.
Yesterday, I was helping my wife's mother with exactly the same popup. She was looking for information on house plant care. As far as I could tell over the phone, Safari crashed or hung up when the popup appeared, and only force quitting got her out of the fix.
I don't think this is MACDefender, but a similar Windows hoax/phishing trip.

Note: I have tried to open this URL, but couldn't get it to work. I recommend avoiding this hoax.
Steven MacDonald
Is this "MacDefender"?
I was looking for an image of a tree pest on Google and got this link:

&imgrefurl= &usg=__GmXIjh038pnTW1Pv6sTO6b_5Wf0=&h=1024&w=1280&sz=322 &hl=en&start=10&sig2=5H8FirggVqA3sfvOk_fhxA&zoom=1&tbnid=wALhpWghNyR_oM: &tbnh=120&tbnw=150&ei=xZDATZqFM-XRiAKSlrWXAw&prev=/search%3Fq%3Dbirch%2Bbark %2Bborers%26um%3D1%26hl%3Den%26client%3Dsafari%26sa%3DN%26rls%3Den%26biw %3D1526%26bih%3D1238%26tbm%3Disch&um=1&itbs=1
Immediately the Safari page shrunk to about 60x60 pixels and a message popped up saying "Windows Security has found critical process activity on your PC and will perform fast scan of system files". I force quit Safari.
When I looked in history it is called "Fast Windows Antivirus 2011". I did it twice but it returned two different addresses with the same name.
If I try going to either site from History I get the Apple "this might be malware" warning. Somehow that warning is bypassed when the image I was looking for is clicked.
I have never let it continue its course to see if it tries to run an installer. I just force quit Safari.
Going to the above image from Google on Firefox or Chrome gives the same result.

Re: Windows security hoax

Posted: Fri May 06, 2011 9:26 am
by Stephen Hart
What I was helping with might have been the variant of MacDefender shown in this video.

Note that this trojan horse does not bypass OS X's normal security. It requires several steps by the user.
The video is worth watching. Count how many mistakes the user has to make.

(This is like when people get in trouble hiking in the mountains. It's often several consecutive mistakes that add up to a real problem.) ... antivirus/

Re: Windows security hoax

Posted: Fri May 06, 2011 9:41 am
by bluesky
MACDefender malware evolves into new forms
updated 03:20 pm EDT, Thu May 5, 2011

Name, contents may vary

The MACDefender malware made public on Monday has already mutated into different versions, says security company Intego. A given example is "Mac Security," a fake antivirus program. As with MACDefender, an attack begins when a person clicks on a malicious web link. This pops up a fake Windows Explorer window, claiming that a computer is infected with a prompt to remove offending code.
Clicking on Cancel actually begins downloading a ZIP file with an installer inside. Should a person click Install, and then enter their account password, Mac Security can then launch and pretend to find non-existent threats. The app's real purpose is to push people to "register" their copy of Mac Security by paying the malware's creator.

Several versions of the malware are said to be in the wild. Intego adds that these may have different names and/or payloads. They may be relatively easy to protect against, though, as if they copy MACDefender and Mac Security, they require a victim's permission to install.

Read more: ... z1Laxpdnvq