Microsoft said this week that it has evidence of a link between the fake security software now plaguing Mac users and a hard-charging family of similar software on Windows.
Phony security software, labeled "rogueware" and "scareware" by experts, has long been a huge thorn in Windows' side. But earlier this month researchers reported the discovery of a Mac-specific scam that claims the machine is heavily infected.
Once installed, the software nags users with frequent pop-ups and fake alerts until they fork over a fee to purchase the worthless program.
To get rid of the program's alerts -- and the occasional pornographic page that pops up in the browser, a new twist designed to make victims think their computers have been hijacked -- many Mac owners pay the $79.50 "registration fee" for the worthless program.
Mac users have reported being duped into downloading the fake software on Apple's support forums and in increasing numbers to Mac-centric antivirus vendor Intego, which has identified at least three names for the same product: MacDefender, MacSecurity and MacProtector.
The bogus program is believed to be the first security software scam on the Mac.
On Tuesday, engineers who work for the Microsoft Malware Protection Center (MMPC) said that users who visit a Web page posing as a free online virus scanner get served either Mac or Windows scareware.
"This distribution component reads the client's [browser] user agent in order to determine the operating system, and then serves up a malicious application designed for that operating system," said Hamish O'Dea and Tareq Saade on the MMPC blog.
The site delivers scareware dubbed "Win32/Winwebsec" to Windows PCs, while Macs get "MacOS_X/FakeMacdef," O'Dea and Saade said, using Microsoft's labels for the OS-specific versions of the fake security software.
There's also evidence that the same cyber criminal, or gang of scammers, created both versions.
O'Dea and Saade cited several similarities in the code of the two fake security programs, including nearly identical URLs as the destination for "phone home" transmissions, similar Web addresses for the purchase pages of the pair, and a shared payment gateway, the site where users enter their credit card information to buy the useless utilities.
For the latter, a filename change from "buy.php" to "mac.php" switches the gateway from the Windows to the Mac version.
Microsoft's engineers also suspect that the maker of both pieces of scareware is Russian.
"FakeMacdef contains most of its resources in a directory called 'ru.lproj,' as opposed to 'en.lproj' ... this strengthens our suspicion that the developer may be Russian," O'Dea and Saade said.
Winwebsec, the name of the Windows part of the duo, is a fast-climbing family of scareware, according to a recent Microsoft analysis of 2010's threat landscape.
In the tenth volume of its semi-annual security intelligence report -- which was published last week -- Microsoft said that its free malware cleaning tool had detected and deleted Winwebsec on over 600,000 Windows PCs in the fourth quarter of 2010.
Although it wasn't among the most prolific scareware variants for the entire year, Winwebsec was the third-most-common fake security family in the last three months of 2010, beaten only by "FakeSpypro," which had double the number of infections of any other family throughout the year, and "FakePAV," scareware that masquerades as Microsoft's own Security Essentials software.
Microsoft tallied scareware deletions from data provided by the Malicious Software Removal Tool, a free utility the company updates monthly and pushes to Windows users.
Microsoft's O'Dea and Saade told Mac users to invest in an antivirus program built for the Mac to keep FakeMacdef off their machines, or to remove it if it is already there.
Several antivirus vendors prominent in the Windows market -- such as Symantec -- also sell Mac security software, while others, including Sophos and the Mac-only Intego, offer free or free-trial antivirus programs.