A new malware which attacks specifically mac users is being
reported. I came across it in TidBITS-Talk. It is called Mac Defender
and targets Mac users via SEO (Search Engines optimisation) poisoning
attacks. Following is a good description of this fake anti-virus
programme (Intego security Memeo - Mac defender Fake Antivirus Program
Targets Mac Users): When a user clicks on certain links after performing a search
on a search engine such as Google, they are sent to a web site that
displays a fake Windows screen with an animated image showing a malware
scan; a window then tells the user that their computer is infected.
file downloaded is a compressed ZIP archive, which, if a specific option
in a web browser is checked (“Open ‘safe’ files after downloading” in
Safari, for example), will open.
(In some other reports this file has been named BestMacAntivirus2011.mpkg.zip
and identifies it as a Windows scam adapted for Macs.)
For a detailed description please see this site: http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/
Again, it should be emphasized, it is scareware and works only with the consent of
the user. To safeguard against it:
Uncheck the option “Open ‘safe’ files after downloading” in Safari - Preferences -
General and in all other browsers where you find this option
and do not respond to a fake malware scan.