May 2 MAC Defender + May 11 Mac Protector Fake Antivirus Programs

MAC Defender Fake Antivirus Program

INTEGO SECURITY MEMO – May 2, 2011 MAC Defender Fake Antivirus Program Targets Mac Users

Quote from Intego: Description: Intego has discovered a fake antivirus program called MAC Defender, which targets Mac users via SEO poisoning attacks (web sites set up to take advantage of search engine optimization tricks to get malicious sites to appear at the top of search results).
When a user clicks on certain links after performing a search on a search engine such as Google, they are sent to a web site that displays a fake Windows screen with an animated image showing a malware scan; a window then tells the user that their computer is infected. After this, JavaScript on the page automatically downloads a file. The file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (“Open ‘safe’ files after downloading” in Safari, for example), will open. The file is decompressed, and the installer it contains launches presenting a user with the following screen:

  General File Information




 Added Mac Protector - May 11, Thanks to anonymous donation

Malware: OSX/MacDefender.A and Mac Protector.A
Distribution: Web browsing  Low; in the wild, but not very widespread for now


File name: MacProtector
Submission date: 2011-05-09 19:49:55 (UTC)
Result: 14/43 (32.6%)
http://www.virustotal.com/file-scan/report.html?id=2e9a751efb38ff8e971a9dd4c629bd5066c9fb802a0d821ef5c250e0b1c43382-1304970595
ClamAV     0.97.0.0     2011.05.09     Trojan.OSX.MacDefender.C
Emsisoft     5.1.0.5     2011.05.09     Hoax.Mac.MacProtector!IK
F-Secure     9.0.16440.0     2011.05.09     Rogue:OSX/FakeMacDef.F
Fortinet     4.2.257.0     2011.05.09     OSX/MacProtector.A
Ikarus     T3.1.1.103.0     2011.05.09     Hoax.Mac.MacProtector
Kaspersky     9.0.0.837     2011.05.09     Hoax.Mac.MacProtector.a
Microsoft     1.6802     2011.05.09     Rogue:MacOS_X/FakeMacdef
NOD32     6107     2011.05.09     OSX/AdWare.MacDefender.E
PCTools     7.0.3.5     2011.05.09     RogueAntiSpyware.MacProtector
Sophos     4.65.0     2011.05.09     OSX/FakeAV-A
Symantec     20101.3.2.89     2011.05.09     MacProtector
TrendMicro     9.200.0.1012     2011.05.09     OSX_FAKEAV.A
TrendMicro-HouseCall     9.200.0.1012     2011.05.09     OSX_FAKEAV.A
VirusBuster     13.6.345.0     2011.05.09     FraudTool.OSX.Defma.G
Additional information
MD5   : 1f8e9cd3f0717a85b96f350e4f4a539a

MAC DEFENDER
Archive.pax
Current status: 9/41 (22.0%)
AntiVir     7.11.7.150     2011.05.04     MACOS/FakeAV.A
BitDefender     7.2     2011.05.04     MAC.OSX.Trojan.FakeAlert.A
ClamAV     0.97.0.0     2011.05.04     Trojan.OSX.MacDefender
DrWeb     5.0.2.03300     2011.05.05     Trojan.Fakealert.20856
F-Secure     9.0.16440.0     2011.05.04     Rogue:OSX/FakeMacDef.A
GData     22     2011.05.05     MAC.OSX.Trojan.FakeAlert.A
Kaspersky     9.0.0.837     2011.05.05     not-a-virus:FraudTool.OSX.Defma.a
Microsoft     1.6802     2011.05.04     Rogue:MacOS_X/FakeMacdef
Sophos     4.64.0     2011.05.05     OSX/FakeAV-DMP
MD5   : c0c866fde6336764da0def483f635dc9
SHA1  : a61f2cb78bbb0472d95d2b967e3eda5f786e07ac

http://www.virustotal.com/file-scan/report.html?id=22c3ded47d1903c101efefaba219e13542a4d2c463004fc6058f00eba2293466-1304457284
MacDefender
Submission date: 2011-05-03 21:14:44 (UTC)
Result: 6/41 (14.6%)
DrWeb     5.0.2.03300     2011.05.03     Trojan.Fakealert.20856
Kaspersky     9.0.0.837     2011.05.03     not-a-virus:FraudTool.OSX.Defma.a
Microsoft     1.6802     2011.05.03     Rogue:MacOS_X/FakeMacdef
PCTools     7.0.3.5     2011.05.03     MACDefender
Sophos     4.64.0     2011.05.03     OSX/FakeAV-DMP
Symantec     20101.3.2.89     2011.05.03     MACDefender
MD5   : 2f357b6037a957be9fbd35a49fb3ab72
SHA1  : fb6f092624d48fe9a496c50f615b424b27cf3515




