Please respect
FT.com's ts&
cs and copyright policy which allow you to: share links; copy content for personal use; & redistribute limited extracts. Email
ftsales.support@ft.com to buy additional rights or use this link to reference the article -
http://www.ft.com/cms/s/2/a6e6aa7a-87c0-11e0-a6de-00144feabdc0.html#ixzz1NYFjEoHm
Apple Macs hit by scareware attacks
By Joseph Menn in San Francisco
Published: May 26 2011 19:40 | Last updated: May 26 2011 19:40
One of the most pervasive and costly types of virus is now affecting Mac computers, signalling the end of an age of innocence for Apple customers, who until now have been spared many common cybersecurity problems.
Known as rogue antivirus or scareware, the scam programs warn
PC and now Mac owners that they have been infected, then demand credit card payments to clean the machines.
EDITOR’S CHOICE
In depth: Apple - Apr-27Dust build-up blamed for Foxconn plant blast - May-23Lex: Apple’s cheaper iPhone - May-13Apple open to lawsuit over data collection - May-11Hearst signs up with Apple for iPad - May-05Apple demands 30% slice of subscriptions - Feb-15The operators of the programs are typically criminals who may resell the card details or try to install more malicious software.
PCs running Microsoft’s Windows operating system have been besieged by scareware for years. Though scareware infections can begin in a number of ways, they are often triggered by the ability in popular web browsers to download programs automatically.
In the past few weeks, a large number of Mac users have run into the same problem, encountering scareware with names like MacDefender, MacSecurity and MacProtector when using Apple’s standard Safari browser for web surfing. The programs sport professional-looking interfaces and have been lurking in advertisements on media sites and links returned by Google searches.
For Mac owners running Safari in the default mode that enables downloading of “safe” files, the malicious programs began installing automatically and then prompted the users for their passwords to finish the job. If they complied, the software ran when the machine restarted, reporting bogus infections and asking for payment.
Apple’s initial response to waves of callers to its AppleCare tech support lines was unhelpful, according to leaked internal instructions posted on the tech news site ZDNet.
Staff were told to neither confirm nor deny infections and to steer callers to Apple’s online stores for security products.
Apple on Tuesday posted an article on its website acknowledging the problem and offering a guide for step-by-step removal.
The criminal gang behind the infections responded quickly with an upgrade that security researchers said allowed it to launch an installation of a bogus “Mac Guard” program without requesting user passwords. Users see an installation screen and can still abort the process, according to security company Inteko.
Apple customers have always been vulnerable to the same sort of “social engineering” tricks such as “phishing” attacks, where e-mail recipients can be duped into entering passwords or other credentials on imposter websites.
They remain far less prone to viruses than owners of Windows
PCs, especially the worst, self-spreading varieties. The cybercrime world has largely ignored Macs because their market share of less than 10 per cent has made mass attacks less valuable.
But as Apple’s Mac shipments surge this is changing. Buyers are likely to be targeted, forcing Apple to rethink its security or lose one of its key selling points.
Copyright The Financial Times Limited 2011. You may share using our article tools. Please don't cut articles from
FT.com and redistribute by email or post to the web.
