Security researchers have discovered a rogue antivirus program and a separate, advanced malware toolkit that specifically target Mac users.
The MACDefender rogue antivirus was discovered by Intego and is reported to be circulating on malicious sites and, reportedly, through Google's image search.
It is downloaded as a compressed file that contains JavaScript and, once installed, generates a string of fake virus alerts before asking users to pay up to US$90 ($82) to purchase a copy of the software to 'remove' the infections.
Rob VandenBrink, incident response handler at the US-based SANS internet storm centre, said the file will automatically execute if the option to "open safe files after downloading" is enabled in the Mac Safari web browser.
"I'd suggest that OSX users disable [the feature] and also invest in a reasonable anti-malware suite," VandenBrink said in a blog post. "Installing a real anti-malware package is also a good idea (no matter what the Apple Fans say)."
Separately, Danish research firm CSIS said overnight that it had spotted the first "advanced do-it-yourself" kit designed to create malware for Mac OS X on offer in underground forums.
The kit, dubbed Weyland-Yutani BOT, steals information from Mozilla Firefox forms in the same way as the Zeus and Spyeye trojans. Authors have promised to include web browsers Safari and Google's Chrome in future releases.
"Detailed information about this crimeware kit is not being leaked publicly and the authors of the kit are obviously trying to stay below the radar allowing only vetted users of the forums to see most of the content," CSIS spokesman Peter Kruse said.
The crime kit costs US$1,000 ($912) and will soon be updated to allow malware to be written for both the Apple iPad and Linux operating systems, according to CSIS.
It is built similarly to Windows alternatives: it includes a builder and an admin panel, and supports encryption, Kruse said.
Perhaps the first indication that the Mac malware was being developed was when Kaspersky researcher Kurt Baumgartner last month spotted a reference to "macbook" in a co.cc subdomain that was notorious for distributing malware.
At the time, that domain was still hawking Windows-based rogue antivirus, and it wasn't enough to convince Baumgartner that malware writers had begun targeting the previously sheltered Mac platform.
MACDefender installations are currently far more easily removed than equivalents on Windows machines. The malware can be uninstalled straight from the application install list.
Copyright © SC Magazine, Australia