16 Jan 2008 08:33
Mac users have been warned by F-Secure against downloading a free "rogue" security application, MacSweeper.
According to the Finnish antivirus company, the application is reminiscent of scams that often target Windows users.
By making the intended victim believe they have a virus, the distributors of MacSweeper hope to sell software to the concerned user, said F-Secure.
"It claims to clean compromising files from your Mac and it will always find something to fix/clean, but the only way to do so is to buy the program," explained F-Secure threat response manager, Patrik Runald, in a blog post.
"[It's] designed to trick people into thinking that they have security problems and that the only way to solve them is to buy the software. Until now this issue has been a Windows-only problem, but that's not the case anymore," added Runald.
Runald said further evidence that MacSweeper is "a scam" is "the fact that when you visit the MacSweeper website with a PC and click on 'Scan', it will tell you that you have security vulnerabilities in folders like system_root/home [a folder that doesn't exist]."
Runald blamed the increasing user base of Mac OS X for the emergence of such "scams".
"Mac users will increasingly come under attack from bad guys and this new rogue application and the constant stream of new variants of [Mac Trojan] DNSChanger is proof of that. It doesn't mean that Mac is becoming less secure in and of itself. But it does mean that Mac users will have to watch out for social-engineering tricks just like Windows users have had to do for years," Runald added.
The distributors of MacSweeper — apparently a company called Kivvi Software — also copied security company Symantec's "About us" statement on its website and replaced its name with their own, Runald said.
In a reply to Runald's blog post by a "Macsweeper developer" on Wednesday, the poster claimed Macsweeper developers were "trying to make a good software [sic]".
"I would like to explain all the situation, about MacSweeper [sic]," said the post. "We are really trying to make a good software [sic], and you won't find any viruses/spyware/Trojans/malware in MacSweeper (test it yourself, if you don't believe me, you can use any type of firewalls, dissemblers, or other tools) [sic]."
According to the "developer", Kivvi Software is using sales partners that "forces us to use this marketing type [sic]".
"I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application," the "Macsweeper developer" added.
Late last year, security vendor Intego claimed to have found the first Trojan targeting Mac OS X Tiger: DNSChanger. The malware distributors attempted to infect Macs by offering a video-streaming decoder — a codec — that the distributors claimed could decode porn that was not viewable through QuickTime. Like this latest scam, the distributors used social-engineering techniques to trick users into downloading the software.
The Trojan worked by changing a Mac's DNS settings to redirect victims to porn websites. F-Secure later reported it had discovered 32 variants of the Trojan and said it was related to the group distributing the Zlob Trojan.
Story URL: http://news.zdnet.co.uk/security/0,1000000189,39292164,00.htmCopyright © 1995-2010 CBS Interactive Limited. All rights reserved
ZDNET is a registered service mark of CBS Interactive Limited. ZDNET Logo is a service mark of CBS Interactive Limited.