News, Reviews and more from Australia's Macintosh Authority
News, Reviews and more from Australia's Macintosh Authority
ADVERTISEMENT
SophosLabs announced this morning that a new bit of Mac "Scareware" is doing the rounds. Calling itself "Imunizator" it's a variant of the MacSweeper program that appeared in January. As with MacSweeper, Imunizator tries to scare users into downloading unnecessary security software by claiming that security problems have been detected on their systems.
Also in common with MacSweeper, Imunizator (properly identified as Troj/MacSwp-B) does not, in fact, detect any security problems on your machine. It's just there to scare you. Specifically, it's there to scare you into paying for some bogus software to "fix" the non-existent security problems. Its motivation is entirely monetary. It's not at all unusual for malware authors to "repackage" existing programs like this, as a way to dodge security software that has been made aware of its earlier incarnations.
Graham Cluley, a senior technology consultant for Sophos, said that "Windows users are no strangers to scareware like this, but it is rarer on the Macintosh". He reiterated earlier comments that malware on the Mac is still quite rare, but as the Mac community grows so will its attractiveness to profit-motivated malware authors.
The solution is ensuring that whatever security software you have on your computer (even if it's just what comes in OS X) is kept up to date with all the latest patches. And, of course, be aware that scams like this are out there so you don't get fooled.
Some Macintosh users have encountered a security program whose function and web site have the tell-tale signs of a scam. Visitors to the website selling the program, called MacSweeper, are offered a free security scan of their computers. The scan, which only works on Macs,highlights supposed security problems with the computers. It offers to remove the problems with the purchase of a $US39.99 lifetime subscription.
AMW | Jan 22, 2008
If you're using Apple's Safari browser, PayPal has some advice for you: Drop it, at least if you want to avoid online fraud. Safari doesn't make PayPal's list of recommended browsers because it doesn't have two important anti-phishing security features, according to Michael Barrett, PayPal's chief information security officer. "Apple, unfortunately, is lagging behind what they need to do, to protect their customers," Barrett said in an interview. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera." Safari is the default browser on Apple's Macintosh computers and the iPhone, but it is also available for the PC. Both Firefox and Opera run on the Mac. Unlike its competitors, Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites, Barrett said. Another problem is Safari's lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.
Robert McMillan | Feb 29, 2008
PayPal, eBay’s electronic payment service, plans to take the dramatic step of locking out people using older versions of web browsers in order to stem phishing attacks. PayPal said a “significant” group of people still use Microsoft’s Internet Explorer 3, released in 1996, and IE 4, which debuted in 1997. Those browsers lack a phishing filter, which can block users from accessing a reported phishing web site.
| Apr 21, 2008
Phishers have targeted users of Apple's iTunes music store with sophisticated identity theft attacks for the first time, a security company said Tuesday. People began receiving spammed messages Monday telling them that they must correct a problem with their iTunes account, said Andrew Lochart, an executive with e-mail security vendor Proofpoint Inc. A link in the spam leads to a site posing as an iTunes billing update page; that phony page asks for information including credit card number and security code, Social Security number and mother's maiden name.
Gregg Keizer | May 21, 2008
App Store developers will now be able to reach customers in 13 new countries, according to an announcement on the iPhone Developer Program news page.
