Fresh Malicious Program Seeks to Attack Mac OS, States Intego
According to Intego the security company, its researchers have found fake anti-virus software, which specially tries to attack Mac computers.
The company, which identified the AV as MACDefender, says that the malware tries to aim at Mac users via attacks based on Search Engine Optimization poisoned websites, so their links can be placed on higher rankings within search results.
But if these links are clicked, users land up on an Internet site, which unusually exhibits a phony MS Windows screen having a moving picture of an act of malware scan.
The infected users are then recommended that they should click the tab -"Open safe files after downloading in Safari." With this, the condensed file so long zipped will extract itself following which it'll introduce an installer exhibiting a MACDefender Setup Installer invitation screen for affected users.
Stated Intego, users would require feeding their admin password so that the malware would get installed.
But, since the fake software places itself on the launch menu of the infected PC devoid of a dock icon, difficulty arises in its leaving the system.
Luckily though, this fake AV has low risk as well as isn't yet largely prevalent.
Indeed, the malware is quite easy to eliminate too incase it infects a PC. For that end-users require using the Activity Monitor within the Applications > Utilities menu for deactivating anything associated with MACDefender. Thereafter, it must be ensured that no references exist for the malware application within Library/StartupItems alternatively within the LaunchDaemons and LaunchAgents. After this "MACDefender" should be moved from Applications to Junk folder following which the latter must be deleted. Lastly, by utilizing Spotlight Search, all remaining references should be detected and eliminated.
Eventually, Intego advises all users of Mac that they should load anti-virus software and close the "Open safe files after downloading" tab while never load AV software, which may emerge on any arbitrary site.
Related article: Fark.com Files Suit against Suspected Hacker from Fox13
» SPAMfighter News - 06-05-2011