Windows-look security hoax=MACDefender


Post by Stephen Hart » Wed May 04, 2011 8:46 am

I read the quoted post on Macintouch today.
Yesterday, I was helping my wife's mother with exactly the same popup. She was looking for information on house plant care. As far as I could tell over the phone, Safari crashed or hung up when the popup appeared, and only force quitting got her out of the fix.
I don't think this is MACDefender, but a similar Windows hoax/phishing trip.

Note: I have tried to open this URL, but couldn't get it to work. I recommend avoiding this hoax.
Steven MacDonald
Is this "MacDefender"?
I was looking for an image of a tree pest on google and got this link:

http://www.google.com/imgres?imgurl=http://artsite.me/2d/wp-content/uploads/2011/02/Silver-Birch-Bark.jpg &imgrefurl=http://promosite.lt/birch-tree-bark &usg=__GmXIjh038pnTW1Pv6sTO6b_5Wf0=&h=1024&w=1280&sz=322 &hl=en&start=10&sig2=5H8FirggVqA3sfvOk_fhxA&zoom=1&tbnid=wALhpWghNyR_oM: &tbnh=120&tbnw=150&ei=xZDATZqFM-XRiAKSlrWXAw&prev=/search%3Fq%3Dbirch%2Bbark %2Bborers%26um%3D1%26hl%3Den%26client%3Dsafari%26sa%3DN%26rls%3Den%26biw %3D1526%26bih%3D1238%26tbm%3Disch&um=1&itbs=1
Immediately the Safari page shrank to about 60x60 pixels and a message popped up saying "Windows Security has found critical process activity on your PC and will perform fast scan of system files". I force quit Safari.
When I looked in history it is called "Fast Windows Antivirus 2011". I did it twice, but it returned two different addresses with the same name.
If I try going to either site from History I get the Apple "this might be malware" warning. Somehow that warning is bypassed when the image I was looking for is clicked.
I have never let it continue its course to see if it tries to run an installer. I just force quit Safari.
Going to the above image from Google on Firefox or Chrome gives the same result.
Last edited by Stephen Hart on Tue May 10, 2011 9:16 am, edited 2 times in total.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs


Re: Windows security hoax

Post by Stephen Hart » Fri May 06, 2011 9:26 am

What I was helping with might have been the variant of MacDefender shown in this video.

Note that this trojan horse does not bypass OS X's normal security. It requires several steps by the user.
The video is worth watching. Count how many mistakes the user has to make.

(This is like when people get in trouble hiking in the mountains. It's often several consecutive mistakes that add up to a real problem.)

http://blog.intego.com/2011/05/05/integ ... antivirus/
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs


Re: Windows security hoax

Post by bluesky » Fri May 06, 2011 9:41 am

MACDefender malware evolves into new forms
updated 03:20 pm EDT, Thu May 5, 2011

Name, contents may vary

The MACDefender malware made public on Monday has already mutated into different versions, says security company Intego. A given example is "Mac Security," a fake antivirus program. As with MACDefender, an attack begins when a person clicks on a malicious web link. This pops up a fake Windows Explorer window, claiming that a computer is infected with a prompt to remove offending code.
Clicking on Cancel actually begins downloading a ZIP file with an installer inside. Should a person click Install, and then enter their account password, Mac Security can then launch and pretend to find non-existent threats. The app's real purpose is to push people to "register" their copy of Mac Security by paying the malware's creator.

Several versions of the malware are said to be in the wild. Intego adds that these may have different names and/or payloads. They may be relatively easy to protect against though, as if they copy MACDefender and Mac Security they require a victim's permission to install.


Read more: http://www.macnn.com/articles/11/05/05/ ... z1Laxpdnvq
"All computers wait at the same speed."
