Voice of the Industry
New Mac "Rogueware" Alert
By Richard Romano
Published: May 7, 2011
Back in 1998, I was working for Micro Publishing News, and I got a call from one of our printers. (That is, one of our print service providers; our network printers rarely spoke to me. Today, though, I have a “green” printer that, every time I try to print an e-mail, yells at me, “You don’t want to print that! Think of the environment!”)
Anyway, our print service provider said, “One of your Zip disks [remember those?] gave us a virus. We lost a lot of stuff.” We were a 100% Mac office, so I was stunned. A virus? On the Mac? If it had been Victorian England, my monocle would have popped out of my eye and ladies would have fainted. But, yes. A virus. On the Mac. These were the infamous “autostart worms” which—after running out and getting an antivirus program—I discovered had infected most of our computers. Contrary to popular belief, there are actually viruses on the Mac platform (i.e., SevenDust wasn’t just the name of a band), especially today. Back in the 90s, we used to joke that the Mac was such an unpopular platform that the hackers didn’t even bother writing malware for it.
So I was not entirely surprised when the other day a number of friends and colleagues—some of whom were Windows users, so I detected a certain “nyah” factor—forwarded me stories of a new Mac malware alert. It’s not a virus per se, but is rather something called “rogueware.” Says Computerworld:
The program, dubbed MAC Defender, is similar to existing “rogueware,” the term for bogus security software that claims a personal computer is heavily infected with malware. Once installed, such software nags users with pervasive pop-ups and fake alerts until they fork over a fee to purchase the worthless program.
Sounds like Norton Antivirus—oh, but I kid Norton Antivirus... The story goes on:
Th[e] campaign is currently exploiting the hot news topic of Bin Laden's death to get people to click on links that redirect their browsers to the rogueware downloads. The scammers have used “black hat” SEO (search engine optimization) tactics to push links to rogueware higher on Google Images' search results.
But that’s not the only way Mac owners have been duped into installing MAC Defender.
On Saturday—the day before President Obama announced the killing of Bin Laden—messages from infected users began appearing on Apple’s support forums.
“FYI, my daughter said the program started after clicking on a ‘hair style photo,’” added “Mr. Fix It Home Services” on the same support thread. Others reported stumbling upon MAC Defender after searching for images of prom tuxedos or for pictures of a character in the movie “Princess Bride.”
How does the scam work?
Unless users have Safari set not to automatically open files after downloading, MAC Defender’s installation screen opens without any user action. That’s been enough to con some into approving the install by typing their administrative password.
The program also relies on an unusual technique to make users pay up.
“Every few minutes, it opens a porn page in the browser,” said James of MAC Defender. “We think they’re doing this because most people will assume that that means they’ve got a virus on their Mac, and they need to get rid of it by paying for the program.”
MAC Defender demands $60–$80, depending on whether users select a one-year, two-year or lifetime “license.”
Mac users running Safari can prevent MAC Defender from automatically opening after it downloads by unchecking the box marked “Open ‘safe’ files after downloading” at the bottom of the General tab in the browser’s Preferences screen.
So let’s be careful out there!
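If you look after more than one Mac, the Safari setting mentioned above can be checked from a script instead of one Preferences window at a time. This is an added example, not code from the original article or from Computerworld. It makes three assumptions that are not on the page: the preference key name `AutoOpenSafeDownloads`, the two plist locations, and that a missing key means the box is still checked.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumed key behind Safari's "Open 'safe' files after downloading" box.
PREF_KEY = "AutoOpenSafeDownloads"

# Assumed per-user locations of Safari's preferences, relative to a home
# directory: the classic path and the sandbox container of later releases.
PREF_PATHS = (
    "Library/Preferences/com.apple.Safari.plist",
    "Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist",
)

def auto_open_state(home):
    """Return 'disabled', 'enabled', 'default' or 'unreadable' for one home."""
    found = []
    for rel in PREF_PATHS:
        path = Path(home) / rel
        if not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                prefs = plistlib.load(fh)  # reads XML and binary plists
        except (OSError, ValueError, ExpatError, plistlib.InvalidFileException):
            return "unreadable"
        if isinstance(prefs, dict) and PREF_KEY in prefs:
            found.append(bool(prefs[PREF_KEY]))
    if not found:
        # Assumption: with no stored value, Safari keeps the box checked.
        return "default"
    return "enabled" if any(found) else "disabled"

def needs_attention(users_root):
    """Map each home under users_root to its state, skipping 'disabled' ones."""
    report = {}
    for home in sorted(Path(users_root).iterdir()):
        if home.is_dir():
            state = auto_open_state(home)
            if state != "disabled":
                report[home.name] = state
    return report

if __name__ == "__main__":
    for user, state in needs_attention("/Users").items():
        print(f"{user}: auto-open {state}")
```

Reading other users' preference files needs administrative rights, and homes that cannot be read are reported as `unreadable` rather than silently skipped.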