Mac users targeted by fake antivirus tool

Mac users are being warned against downloading a "free" rogue security application, MacSweeper, which guarantees to find a virus on Apple systems.

False positives: MacSweeper guarantees to find a virus.

Finnish security company F-Secure says the application is reminiscent of scams that often target Windows users.

By making the intended victim believe they have a virus, the distributors of MacSweeper hope to sell software to the concerned user. Should a user make a purchase, they will find themselves paying for software that simply doesn't work.

"It claims to clean your Mac from compromising files and it will always find something to fix/clean but the only way to do so is to buy the program," explained F-Secure threat response manager, Patrik Runald, on his blog.

"They're designed to trick people into thinking that they have security problems and that the only way to solve it is to buy the software. Up until now this has been a Windows-only problem but that's not the case anymore," said Runald.

Runald blames the increasing user base of Mac OS X for the emergence of such scams.

"Mac users will increasingly come under attack from bad guys and this new rogue application and the constant stream of new variants of [Mac trojan] DNS Changer is proof of that. It doesn't mean that Mac is becoming less secure in and of itself. But it does mean that Mac users will have to watch out for social engineering tricks just like Windows users have had to do for years," he said.

The distributors of MacSweeper -- who claim to be a company called KiWi Software -- are also fleecing Symantec: Runald said they have copied the security company's "About Us" blurb and replaced its name with their own.

Late last year security vendor Intego claimed to have found the first trojan targeting Mac OS X Tiger, DNS Changer. The malware distributors attempted to infect Macs by offering a video streaming decoder -- a codec -- that the distributors claimed could decode porn that was not viewable through QuickTime. Like this latest scam, the distributors used social engineering techniques to trick users into downloading the software.

The trojan worked by changing a Mac's DNS settings to redirect victims to porn Web sites. F-Secure later reported it had discovered 32 variants of the trojan, and said it was related to the group distributing zlob.

Talkback 2 comments

    All truth about MacSweeper
    Angel O -- 21/01/08

    A Deeper Look On MacSweeper, with developer comments:
    http://blog.iantivirus.com/2008/01/deeper-look-on-macsweeper.html

    Why wouldn't someone want to target Mac users?
    Anonymous -- 30/04/08

    They generally pay more for their hardware, so it could possibly be assumed that they have more money than the average user who buys hardware... If I was a blackhat I would be zeroing in on this group specifically to exploit them.
