
Printed from http://www.macnn.com

MACDefender malware evolves into new forms

updated 03:20 pm EDT, Thu May 5, 2011

Name, contents may vary

The MACDefender malware made public on Monday has already mutated into different versions, says security company Intego. One example it gives is "Mac Security," a fake antivirus program. As with MACDefender, an attack begins when a person clicks on a malicious web link. This pops up a fake Windows Explorer window claiming that the computer is infected, with a prompt to remove the offending code.

Clicking on Cancel actually begins downloading a ZIP file with an installer inside. Should a person click Install, and then enter their account password, Mac Security can then launch and pretend to find non-existent threats. The app's real purpose is to push people to "register" their copy of Mac Security by paying the malware's creator.

Several versions of the malware are said to be in the wild. Intego adds that these may have different names and/or payloads. They may be relatively easy to protect against, though: if they copy MACDefender and Mac Security, they require a victim's permission to install.




by MacNN Staff


Comments

  1. malax

    Joined: Dec 1969

    +3

    sloppy word choice

    The malware hasn't "mutated" like some out-of-control organism. They have just released new rebranded versions.

    I hope they catch these guys and nail them on felony fraud charges.

  1. legacyb4

    Joined: Dec 1969

    +7

    and I would believe

    that a Windows Internet Explorer popping up on my Mac would actually be valid because???

  1. Mr. Strat

    Joined: Dec 1969

    +4

    It's FUD time again

    Yeah, I'll let a producer of anti-virus software warn me that I'd better be using their product to be safe.

  1. ElectroTech

    Joined: Dec 1969

    0

    fake Windows Explorer window?

    What the heck is a fake Windows Explorer window?

  1. gskibum3

    Joined: Dec 1969

    +2

    LOL

    I had a user at one of my client locations fall for this today. I've always known she isn't the brightest bulb in the box. When I was listening to her call I wasn't the least bit surprised that she was the one that got taken in.

    Fortunately it didn't get as far as entering credit card info.

    I wish I could find whatever site she was on when she was first prompted.

    Removing this is a breeze. Especially compared to the Windows 7 box I cleaned of Windows Defender a couple of weeks ago. That system was completely mauled. And the user had provided 2 credit card numbers before all was said and done!

  1. Cronocide

    Joined: Dec 1969

    +3

    "Should a person click Install,

    and ENTER THEIR PASSWORD,"

    That's the real key, isn't it? Any script kiddie could build one of those. A REAL virus could do malicious stuff WITHOUT asking you for your password.

