Posted on 05/02/2011 11:28:51 AM PDT by Swordmaker
Intego has discovered a rogue anti-malware program called MACDefender, which attacks Macs via SEO poisoning attacks. When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open “safe” files after downloading in Safari, for example), will open. The file is decompressed, and the installer it contains launches presenting a user with the following screen:
If the user continues through the installation process, and enters an administrator’s password, the software will be installed.
It is important that users not continue with any unexpected installation of this type. Intego VirusBarrier X6′s malware definitions will be updated today, and Intego will be publishing a security memo when we have more information about this malware. For now, the threat is low, but users should be careful not to install software when installers open unexpectedly.
May 2, 2011Security
Not exactly a "virus" unless the user purposely installs it... Sort of like the "Polite Virus" that went around a few years ago...
[Virus Start]
Dear user,
Please randomly delete some files on your computer, then email this message to everyone you know.
Thank you
[End Virus]
Mark
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.