Malware: OSX/MacDefender.A
Risk: Low; in the wild, but not very widespread for now
Description: Intego has discovered a fake antivirus program called MAC Defender, which targets Mac users via SEO poisoning attacks (web sites set up to take advantage of search engine optimization tricks to get malicious sites to appear at the top of search results). When a user clicks on certain links after performing a search on a search engine such as Google, they are sent to a web site that displays a fake Windows screen with an animated image showing a malware scan; a window then tells the user that their computer is infected. After this, JavaScript on the page automatically downloads a file. The file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (“Open ‘safe’ files after downloading” in Safari, for example), will open. The file is decompressed, and the installer it contains launches presenting a user with the following screen:
If the user continues through the installation process, and enters an administrator’s password, the software will be installed.
Continue http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/
Nessun commento:
Posta un commento