Friday's news was dominated by issues relating to Apple and the exploitation of a rogue anti-virus for the Mac OS.
There is not much to say about rogue anti-virus that you do not already know: it looks like security software and installs like it too, and unaware users are easily fooled into downloading malware because of an alert.
However, with MACDefender, what we see is malware that opens web pages for pornographic websites in the user's web browser every few minutes, convincing users that they are infected by a virus and that paying for MACDefender will relieve them of the problem.
Mac security firm Intego said that clicking the ‘register’ button on the ‘about’ screen takes users to a page where they can purchase either a one-year, two-year or lifetime licence for the program.
“Users are asked to provide a credit card number and the web page used is not secure. The scam here is to charge users for a program that doesn't do anything; the virus warnings presented are bogus and after paying, they no longer display, so users think the program has done something useful. It is also possible that these credit card numbers, given via an unsecure web page, could be used for other purposes,” Intego said.
From the sound of it, this is a pretty basic but clever way of scaring the user. Commentators were unanimous in their belief that this alert signals the arrival of genuine Mac malware.
Karel Obluk, chief scientist at AVG, said that usage of the platform has reached a critical level at which it has become a profitable target for malware developers. He said: “This marks a watershed in OS X's user experience, after which users will have to be more vigilant about their security online and will need to take actions to protect themselves against online threats.”
David Harley, CEO of Small Blue-Green World and administrator of the Mac Virus website, said that MACDefender uses other names and is not actually the first Apple-targeted rogue anti-virus, but it is certainly the most successful so far.
“The promotional search engine optimisation (SEO) and infection techniques used to lure victims into parting with their credit card info are pretty much the same as those currently used for Windows rogue anti-virus. That's not surprising of course, because it works,” he said.
“Also, some Mac malware is clearly related to certain Windows malware, so there are probably cases where the same gang is working on both platforms, although they're still focusing mostly on the larger user population.”
Luis Corrons, technical director of PandaLabs, said that he believed that the attack is not particularly widespread, but it is important because it shows that there is a growing interest in developing malware for Mac and that cyber criminals are looking at it as a potential revenue market.
Eddy Willems, security evangelist at G Data, agreed with Harley and Corrons, saying that it is logical that with the popularity of the Mac platform it would be targeted much more.
“It is down to the popularity of the brand and is a logical evolution in my opinion, the iPad is to blame in this whole venture as people not using Apple before now are, and they wonder why fake anti-virus comes to the Mac. It is not that widespread yet due to the popularity,” he said.
So Mac malware is worth taking note of, as is the ease with which it can be downloaded by users. I asked Jericho Forum board member Guy Bunker what he thought about the developing threat. He also agreed that Mac users are becoming ‘increasingly vulnerable to malware’, as the platform is becoming more readily adopted by mainstream users.
He said: “Cyber criminals go for ‘low hanging fruit’, i.e. those devices which are least well secured and that there are enough users to make it worthwhile developing the exploit. The Mac crowd are now in this category.
“Previously they thought they were ‘immune’ to attack because there weren't any, there always were but they didn't surface that often. Why would you spend time and effort on a vulnerability/exploit when only a few per cent of the planet could be targeted?”
Whether the Apple fans like it or not, it seems that the seal of Mac malware has finally been broken by MACDefender and it is likely that this will be followed by other copycat nasty stuff. My concern is that the belief of immunity will be what many use as a security strategy, putting them in an unprotected place.