Everything You Need to Know About Mac Scareware

How pervasive is MacDefender? No one really knows.

A back-of-the-envelope estimate by Ed Bott, a ZDNet blogger who usually writes about Windows but has written a series on MacDefender, put the number of infections between 60,000 and 125,000.

While security firms that sell Mac antivirus software have not tossed out numbers like that, at least one -- Intego -- has cited Bott's estimates and concluded that "this fake antivirus has been extremely effective in tricking Mac users."

Today, Finnish antivirus company F-Secure said it had seen "a significant rise on infections with the Mac rogue Trojans," but didn't specify the raw numbers or the rate of increase in infections.

Companies like Intego, of course, have an interest in touting MacDefender's ubiquity: They sell antivirus software for the Mac.

F-Secure, in fact, launched its first Mac-specific product today.

Symantec, which has one of the world's largest networks of malware sensors and "honeypot" systems -- and also sells Mac security software -- said it didn't have "much if anything, in the way of hard data/numbers" on the Mac scareware campaigns.

Bottom line: There's no solid evidence yet on how many Mac users are falling for the con.

Why the Mac? Why now? The question should be, "Why not before this?"

Scareware has hammered Windows users for years, and remains a very popular way for criminals to make money. According to Microsoft's latest security intelligence report, the company's MSRT cleaned millions of scareware-infected Windows PCs last year.

Both Intego and Microsoft have reported connections between MacDefender and a gang responsible for one of the biggest Windows scareware families.

Intego has said that the group simply added MacDefender to its scam arsenal by developing the Mac-specific fake antivirus program, then seeded it to the same malicious sites that were already serving up Windows scareware, in effect getting a bigger bang for its buck.

Apple's increased sales of Macs may have triggered the move by the gang. While Windows PC sales have stalled -- and still greatly outnumber Mac sales -- Apple's sales of desktops and notebooks have outpaced PC sales for 20 consecutive quarters.

Where there's a market for malware, there's malware.

What can I do to keep MacDefender and its like off my Mac? Lots of things, actually.

For one, be wary of search results on hot news topics, since scareware scammers constantly "poison" those results to push their sites higher on the list. When MacDefender first appeared, it was spread through sites that ranked high in Google Image searches and in the results of searches for information on Osama Bin Laden's death.

For another, don't install anything you haven't downloaded yourself.

If you browse with Safari, head to its Preferences screen, then uncheck the box marked "Open 'safe' files after downloading" at the bottom of the General tab: That keeps Safari from automatically opening the installation screen of MacDefender.

Only type in your account password when installing software that you actually want and that you asked to install. If the account password dialog pops up and you don't know why, don't enter your password.

Speaking of accounts, the newest MacGuard scam doesn't require a password when you're running under an administrator account. You might want to switch to a standard account instead, which will prompt you for a password when MacGuard tries to install. Check out this Apple support document for how to set up a standard account in Snow Leopard.

Don't pay for security software you haven't asked for. Don't enter your credit card information in any prompt to register such software.

Consider adding an antivirus program to your Mac. Sophos gives one away free, and others, including F-Secure, Intego and Symantec, sell products that will block scareware and remove it if it's infected your machine.
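Two of the settings named in this advice can be checked from Terminal. The script below is an added example, not part of the original article: it assumes the Safari checkbox is stored as the `AutoOpenSafeDownloads` key in the `com.apple.Safari` preferences domain and that administrator accounts belong to the `admin` group, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the two checkable settings from the advice above.

# Interpret the raw value of Safari's AutoOpenSafeDownloads preference
# (assumed key behind the "Open 'safe' files after downloading" box).
classify_auto_open() {
    case "$1" in
        0|false|NO) echo "ok" ;;
        1|true|YES) echo "risky" ;;
        "")         echo "unset" ;;   # key absent or unreadable
        *)          echo "unknown" ;;
    esac
}

# Exact-match the admin group so names like _lpadmin do not count.
classify_account() {
    for g in $1; do
        if [ "$g" = "admin" ]; then echo "admin"; return 0; fi
    done
    echo "standard"
}

audit() {
    if command -v defaults >/dev/null 2>&1; then
        raw=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
        state=$(classify_auto_open "$raw")
    else
        state="unknown"               # not macOS, nothing to read
    fi
    case "$state" in
        ok)    echo "Safari: downloads are not opened automatically" ;;
        risky) echo "Safari: auto-open is ON; uncheck it in Preferences > General" ;;
        unset) echo "Safari: preference not set or not readable; check Preferences > General" ;;
        *)     echo "Safari: could not determine the setting" ;;
    esac
    if [ "$(classify_account "$(id -Gn)")" = "admin" ]; then
        echo "Account: administrator; consider a standard account for daily use"
    else
        echo "Account: standard"
    fi
    return 0
}

audit
```

The script only reads settings; it changes nothing on the machine.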

Poisoned Google Image results steer victims to Mac scareware downloads. (Video: F-Secure.)

Is the Mac now in the same security boat as Windows PCs? Not by a long shot.

Windows remains the most popular target for hackers because it's the most popular platform on the planet. But the appearance of MacDefender marks a change in criminal tactics that you'd be foolish to ignore. Scammers are nothing if not copycats.

I want a crystal ball...what's next for Macs and malware? Assume that MacDefender is the first of a wave of scareware aimed at Macs. Any success by MacDefender's makers will likely be copied by other groups that already have experience shilling bogus security software to Windows users.

And there are certainly steps those criminals can take that will up their game, whether that's using unpatched browser or plug-in vulnerabilities to exploit a Mac -- and then silently plant scareware on the computer -- or relying on other long-practiced social engineering tactics, including spam that draws users to malicious sites or files attached to email messages that purport to be legitimate documents but are in actuality a scareware installer.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.
