June 8, 2011 at 3:42 PM ET
Mac malware used to be an oxymoron, but it no longer is, as many Mac users know. If you aren't aware of the MacDefender/MacShield "buy this anti-virus software" ruse by now, you may be soon: software and Web-security firm Sophos says it's seeing an uptick in the fake anti-virus program, which is looking to take as much as 100 bucks from your wallet.
"More Mac scareware appeared overnight, with the cybercrooks following the same sort of strategy which has worked so well on Windows: regularly change the look and feel of the fake anti-virus software; use legitimate-sounding brand names (or steal genuine product names); stick to a price-point between $50 and $100; keep the fear factor high; but keep the core programming very similar so development costs are negligible," writes Paul Ducklin, Sophos' head of technology, on the company's blog.
And of course, once you've paid up, "the scareware stops lying to you about the non-existent threats, as though it really did clean them up. This means that many victims of this sort of fraud don't even realise they've been duped. Until next time."
Graham Cluley, Sophos' senior technology consultant, confirmed in an email to msnbc.com that Sophos has seen "more Mac malware this week. It's pretty much the same from the victim's point of view as what we've seen before, only it presents itself as 'MacShield' rather than, say, 'MacDefender.' "
What can you do? First, check Apple's support site for more information. Second, Sophos has some good "anti-scareware tips" for Apple users (as well as a free anti-virus program for Mac home users with OS 10.4 and later that can help beat off this crud):
- If you use Safari, turn off the 'Open "safe" files after downloading' option. This stops files such as the ZIP-based installers favoured by scareware authors from running automatically if you accidentally click their links.
- Don't rely on Apple's built-in XProtect malware detector. It's better than nothing, but it only detects viruses using basic techniques, and under a limited set of conditions. For example, malware on a USB key would go unnoticed, as would malware already on your Mac. And it only updates once in 24 hours, which probably isn't enough any more.
- Install genuine anti-virus software. Ironically, the Apple App Store is a bad place to look — any anti-virus sold via the App Store is required by Apple's rules to exclude the kernel-based filtering component (known as a real-time or on-access scanner) needed for reliable virus prevention.
- Religiously refuse any anti-malware software which offers a free scan but forces you to pay for cleanup. Reputable brands don't do this — an anti-virus evaluation should let you try out detection and disinfection before you buy.