Intego has discovered a rogue anti-malware program called MACDefender, which targets Macs via SEO poisoning.
“When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file,” Intego reports. “In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open ‘safe’ files after downloading in Safari, for example), will open.”
Intego reports, “It is important that users not continue with any unexpected installation of this type. Intego VirusBarrier X6's malware definitions will be updated today, and Intego will be publishing a security memo when we have more information about this malware. For now, the threat is low, but users should be careful not to install software when installers open unexpectedly.”
Read more in the full article here.
More about SEO poisoning via Symantec SEO Poisoning here.
MacDailyNews Note: Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs should not be surprised to find their Macs are compromised.
My organization has been hit 3X in the last 2 weeks by SEO poisoning on our XP boxes running McAfee Enterprise Version, Microsoft Security Essentials, Google Chrome and DNS resolution from OpenDNS. They always come from a *.cc domain. I don’t understand why they give everyone administrator accounts.
For now, the threat is low, but users should be careful not to install software when installers open unexpectedly.
Users should also be careful not to give out their name, birth date, and social security numbers to telemarketers.
Additionally, users should also take care not to give out copies of their house and car keys to strangers they meet on the street.
Good thing we have Intego around to tell us these things, otherwise nobody would know what to do!
But Intego doesn’t say anything about taking candy from strangers, so that must be okay.
That’s a long ago debunked rumor.
Candy from strangers is in fact more tasty than from people you know. 😉
I find it mildly curious that Intego stops explaining right before the step that your Mac will ask for an admin name and password.
Oh that’s right, this malware program can’t do anything unless you authorize it.
Thanks MDN, you guys neglected to include that step. The original article has it.
we are doomed ;-(
cmd-alt-esc, then enter. end of problem.
..and so it begins.
$1,000,000,000.00 to anyone who iCal’d this one.
Are those software downloads that represent themselves as from “Adobe Reader” safe?
Anything from Adobe is pretty much malware.
Windows is a virus.