Do not be deceived by the name of this application, Mac Security. At first glance it looks like a security application for Mac OS, but it is a malicious program disguised as an antivirus product (a fake antivirus).
The application's real name is Trojan.Fakealert.20856. It is downloaded when you follow a link from a website or social networking site and run the file. The file is usually named 'MacSecurity3s.mpkg', is 1.9 MB in size, and is a package installer file.
In general, the Safari browser on Mac OS has a feature, "Open 'safe' files after downloading", which is selected by default. So once the file is downloaded, it is opened automatically: the Mac Security installation window appears and the user is forced to run it to completion.
Here are the symptoms that occur if your computer is already infected:
1. Active at start-up and displays a splash screen
Each time the computer is turned on, Mac Security (Trojan.Fakealert.20856) is activated immediately at start-up and the splash screen appears.
2. Active on the taskbar and brings up pop-up messages
Mac Security is also active on the taskbar, and pop-up messages appear in Mac OS at certain times.
3. Has an appearance similar to an antivirus program
What makes Mac Security, Mac Defender and other variants seem convincing is a program display that is almost the same as that of an antivirus program. It is used to manipulate Mac OS users into believing they are using an antivirus product and into being willing to pay for a license.
4. Offers an antivirus license through a website
If the scan status shows a malware variant, Mac Security offers to clean it, but only after a license is purchased over the Internet at a cost of between $59.95 and $79.95. The virus writers have created several fake site links that are used to convince computer users.
5. Retrieving data or credit card information
When the license purchase is offered over the Internet, the user is prompted to enter personal data or credit card information. This is how the virus makers obtain data or credit card information, through the fake site links they have created.
6. Uses emails and fake websites to facilitate the purchase of Mac Security
To make computer users believe it, the virus makers include emails and fake websites to facilitate the purchasing process for Mac Security. The website addresses listed include 'mac-defence.com' and 'macbookprotection.com'. Both of these websites were identified as being from Russia.
7. Integrated with the Mac OS login account
To be active and running on all accounts, including Admin, Mac Security adds itself to the login account (the equivalent of what is called start-up in Windows).
Mac Security is distributed by the following methods:
-. SEO (Search Engine Optimization) Poisoning
SEO poisoning spreads the virus through the results of a web search (Google, Yahoo, Bing, etc.) by tricking the user into following a dangerous link (JavaScript). In this way the user automatically downloads a file of a Mac Defender variant.
-. Facebook social networking
Users of the Facebook social network should be careful of messages that display a video link, which also contains the JavaScript.
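The installer file name and the two website addresses given above can be used to review web proxy logs for users who reached this malware. The following is an added example, not part of the original article; the 'time user url' log format, the sample lines and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Indicators named in the article above.
INSTALLER_NAME = "macsecurity3s.mpkg"
PAYMENT_DOMAINS = ("mac-defence.com", "macbookprotection.com")

def host_is_listed(host):
    """True for a listed domain or any subdomain of it, not for look-alikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PAYMENT_DOMAINS)

def triage(url):
    """Return the reasons a requested URL matches the article's indicators."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    reasons = []
    if host_is_listed(parts.hostname):
        reasons.append("payment-site")
    # Compare the decoded file name case-insensitively; the query string is ignored.
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if filename == INSTALLER_NAME:
        reasons.append("installer-download")
    return reasons

def scan(log_lines):
    """Return (user, url, reasons) for each matching 'time user url' line."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _, user, url = fields
        reasons = triage(url)
        if reasons:
            hits.append((user, url, reasons))
    return hits

# Constructed sample lines (log format, hosts and paths are assumptions, not real traffic).
SAMPLE_LOG = [
    "t1 alice http://downloads.example.test/get/MacSecurity3s.mpkg?id=7",
    "t2 alice https://www.mac-defence.com/buy.php",
    "t3 bob http://mac-defence.com.example.test/index.html",    # look-alike host
    "t4 bob http://example.test/files/MacSecurity3s.mpkg.txt",  # different file
    "t5 carol http://MACBOOKPROTECTION.com/",
    "t6 dave http://example.test/%4DacSecurity3s.mpkg",         # URL-encoded name
]

if __name__ == "__main__":
    for user, url, reasons in scan(SAMPLE_LOG):
        print(user, url, ",".join(reasons))
```

A user flagged with "installer-download" followed by "payment-site" is the one to contact first, since that sequence matches the download and license purchase steps described above.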
* The author, Adi Saputra, is Lab and Research Head at Vaksincom.