Beware MAC Defender: OSX malware disguised as anti-virus software

mac-defender-main-screen.jpg

A new piece of malware is spreading, notable because it targets computers running Mac OS X, rather than Windows. Reports of the trojan "MAC Defender" (aka Mac Protector, aka Mac Security) first surfaced on May 2, but the malware has since morphed and proliferated.

The basics: it spreads as search engine optimization (SEO) poisoning, using popular search terms for prominent search engine results.

More: PC World, MacWorld, Ars Technica, Fortune, and a full description updated today at SecureMac.com.

And if you are a Mac user, now is as good a time as any to consider installing *actual* anti-virus and malware scan apps. Intego's VirusBarrier, Sophos and MacScan are several with free demo versions.

Apparently, "osama bin laden" is one of the popular search terms used to deploy. I just encountered a MAC Defender come-on page in Safari after clicking on a poisoned msnbc.com link via Twitter, hence the inspiration for this blog post. Pretty sure one of the remnant ads on msnbc.com served it. The serving IP is below, load it at your own risk, I paste it for informational purposes only.

http://178.17.162.163/7d81dd5ca78c961d206fb04f2f1709c2fbc6f0515ca0adda

Loading...