Intego has discovered a rogue anti-malware program called MACDefender, which targets Macs through SEO poisoning.
When a user clicks a link in the results of a search on a search engine such as Google, it takes them to a web site whose page contains JavaScript that automatically downloads a file. The file auto-extracts and launches the setup for a fake virus detection program called MACDefender.
MAC Defender also opens pornographic web sites in the user's web browser every few minutes. This is most likely meant to make users think that they are infected by a virus, and that paying for MAC Defender will relieve them of the problem.
Clicking the Register button on the About screen takes users to a web page where they can purchase a license for the program: either a 1-year, 2-year, or lifetime license. Users are asked to provide a credit card number, and the web page used is not secure. The scam here is to charge users for a program that doesn't do anything; the virus warnings presented are bogus, and after paying, they no longer display, so users think the program has done something useful. It is also possible that these credit card numbers, given via an insecure web page, could be used for other purposes.
Intego has updated its VirusBarrier X5 and VirusBarrier X6 (www.intego.com/virusbarrier/) to protect users from this malware with malware definitions dated May 2, 2011 or later.