Monday, May 2, 2011

Mac users hit with Anti-virus scam when using Google Image Search.

This article is a direct reposting of an article by Sophos. All images and content in this message are from them, unedited; I claim no rights to their content and am simply spreading the word.
A massive SEO poisoning attack has hit Google, targeting Windows and Mac users alike. From rather innocuous terms related to global warming, to hot topics like Osama bin Laden's death, users are being hit with fake anti-virus programs, this time delivering payloads to users of Apple's Mac OS X.
JavaScript Fake AV scanner
Strangely, when surfing to the compromised URLs you are first prompted with a JavaScript-based fake scanner that appears to show an infected Windows XP computer, even when surfing from a Mac.
When you click or close the fake scanner page you are prompted to download a .zip file onto your Mac with a filename like "".
Some of the downloads are a package installer that installs the fake software; others simply contain a ready-to-run Mac application.
Fake AV for Mac installer/download
In a social engineering trick similar to those we have seen in Windows fake scanners, it pretends to be a legitimate Mac anti-virus program called MacDefender.
The scanner doesn't actually touch the hard disk while "scanning", although on a Mac it can be hard to know without a hard disk light.
It pretends to find some very important things that may have been compromised, such as the Terminal application and the standard Unix utility test, also known to Unix shell programmers as [.
Mac fake scan results
Credit card at risk warning
It uses a lot of social engineering, including redirecting your browser to rather offensive porn sites, although it does not appear they are doing this to make money, simply to imply that you are infected.
It also uses scare tactics like your credit card data being at risk. The reality is that your credit card is only at risk if you actually try to purchase the fake software.
Buy fake Mac AV
