News, Reviews and more from Australia's Macintosh Authority
News, Reviews and more from Australia's Macintosh Authority
ADVERTISEMENT
Some Macintosh users have encountered a security program whose function and web site have the tell-tale signs of a scam. Visitors to the web site selling the program, called MacSweeper, are offered a free security scan of their computers. The scan, which only works on Macs, highlights supposed security problems with the computers. It offers to remove the problems with the purchase of a $US39.99 lifetime subscription.
But the awkward English on the program’s web site, and the way the program operates, have raised doubts over its legitimacy, users and security researchers say. "The imbibed set of features locates all the junk and useless data on your computer and deletes them to reclaim the wasted space," according to the pitch on MacSweeper’s home page.
Security company F-Secure wrote that the program may be the first rogue application for Macs. Windows machines have been more frequently targeted by similar software, sometimes labeled "scareware" since users are warned their computers will be in danger unless they purchase the software. Among the more notorious scareware for PCs is Winfixer, also known by the aliases ErrorSafe, WinAntiVirus and DriveCleaner.
The MacSweeper web page is hosted on a server in Kiev, Ukraine, said Patrik Runald, security response manager for F-Secure, who is based in Malaysia. Information on the site about MacSweeper’s company, Kiwi Software, has been plagiarised from Symantec’s web page, Runald said, "they just ripped that information straight off there". The same text is also used on Cleanator.com, which sells a Windows-compatible version of the same kind of program, Runald said. Another security vendor, Sophos, classifies Cleanator as a "potentially unwanted program."
Once MacSweeper is running on a Mac it will often pick odd items, such as language files, and label them as being a privacy risk, Runald said. In at least one instance an F-Secure researcher visited the MacSweeper site and clicked a button labeled “Free scan.” The scan highlighted Mac-related problems, even though the researcher was using a PC. MacSweeper doesn’t use any tricks to get onto a machine other than trying to persuade users to download it, Runald said. Nonetheless, F-Secure typically contacts Finland’s Computer Emergency Response Team when it finds scams such as MacSweeper, Runald said.
A user on one of Apple's discussion boards wrote that their Safari browser kept redirecting to the MacSweeper site, a sign that malicious scripts may be involved. "If I click on anything it'll try downloading the software," the person wrote. "How do i get rid of this? It's really annoying. I don't want it, and I wish it would leave me alone."
If you're using Apple's Safari browser, PayPal has some advice for you: Drop it, at least if you want to avoid online fraud. Safari doesn't make PayPal's list of recommended browsers because it doesn't have two important anti-phishing security features, according to Michael Barrett, PayPal's chief information security officer. "Apple, unfortunately, is lagging behind what they need to do, to protect their customers," Barrett said in an interview. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera." Safari is the default browser on Apple's Macintosh computers and the iPhone, but it is also available for the PC. Both Firefox and Opera run on the Mac. Unlike its competitors, Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites, Barrett said. Another problem is Safari's lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.
Robert McMillan | Feb 29, 2008
SophosLabs announced this morning that a new bit of Mac "Scareware" is doing the rounds. Calling itself "Imunizator" it's a variant of the MacSweeper program that appeared in January. As with MacSweeper, Imunizator tries to scare users into downloading unnecessary security software by claiming that security problems have been detected on their systems.
Matthew JC. Powell | Mar 31, 2008
PayPal, eBay’s electronic payment service, plans to take the dramatic step of locking out people using older versions of web browsers in order to stem phishing attacks. PayPal said a “significant” group of people still use Microsoft’s Internet Explorer 3, released in 1996, and IE 4, which debuted in 1997. Those browsers lack a phishing filter, which can block users from accessing a reported phishing web site.
| Apr 21, 2008
Phishers have targeted users of Apple's iTunes music store with sophisticated identity theft attacks for the first time, a security company said Tuesday. People began receiving spammed messages Monday telling them that they must correct a problem with their iTunes account, said Andrew Lochart, an executive with e-mail security vendor Proofpoint Inc. A link in the spam leads to a site posing as an iTunes billing update page; that phony page asks for information including credit card number and security code, Social Security number and mother's maiden name.
Gregg Keizer | May 21, 2008
This morning Apple released a new version of its iPhone SDK for developers. iPhone SDK beta 2 includes Interface Builder, a component of Apple’s development tools that lets developers create the interface for their applications. That seems to be the only major change in the latest build, according to the SDK’s read me, which continues to list some known issues. Apple says “this second beta is known to be incompatible with installation folders other than the default /Developer.” Given the importance of UI on the Mac, Interface Builder is a pretty critical tool in the development process, and some developers had chosen to hold off on their efforts until the SDK was revised. Apple unveiled the iPhone SDK at a special event earlier this month, allowing developers to begin building applications for the iPhone and iPod touch. Several high-profile companies have already jumped onboard, demoing their applications at the event. Highlighting the demos was AOL with a native AIM client; other applications from Electronic Arts, Salesforce.com, and Apple were also shown.
