Scareware Is Everywhere – As Mac Users Just Found Out

The success cyber criminals have had with the recent Mac scareware attack (MacDefender, which has already morphed into a new variant – MacGuard), emphasizes the following point – given the opportunity, Mac users may be just as likely as Windows users to say “Yes” to an invitation to download a rogue security application.

Considering Apple’s marketing style, which reinforces the myth that Macs are inherently more resistant to malware infections than Windows PCs (bolstered by the cachet that Mac users are somehow smarter than PC users), I suspect that Mac users are in for a rough ride in the coming months. Undoubtedly, Mac users will learn that cyber criminals use of social engineering is not platform specific.

Hopefully, this reality check will put a stop to nonsensical forum comments like the following.

“Well this is why I’m glad to have a Mac just saying”

“If Windows didn’t exist these things wouldn’t happen to people”

Since myths tend to die a slow and painful death however, I somehow doubt it.

Early last year, I posted an article – Say “Yes” on the Internet and Malware’s Gotcha! – which pointed out the potential consequences to those Internet users who instinctively, and unthinkingly, click on “Yes” or “OK”. Given the unprecedented rise in the number of malicious scareware applications in the interim (often, but not exclusively, promoted through poisoned Google search results), that article is worth reposting.

The following is an edited version of that earlier article.

It's not my fault Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response. But we old timers, (sorry, seasoned pros), know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

image

image

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is loaded with sites (including this one), dedicated to educating computer users on computer security – including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated.

Internet users who are aware of significant changes in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that you can’t fix stupid.

Before you say “yes”

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – If you get a malware infection; it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

About these ads

10 Comments

Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, internet scams, Mac, Malware Alert, Online Safety, Rogue Software, Safe Surfing, scareware, Windows Tips and Tools

10 responses to “Scareware Is Everywhere – As Mac Users Just Found Out

  1. Mal

    Hey Bill,
    That screenshot of antivirus pro had me cracked up. “Pervent data loss”. The idiots can’t spell.
    If I had a dollar for every person I’ve met who says “Oh, I know about computers, I’m ok”, I’d be rich. Usually the same people who end up with an unworkable machine and/or had their identity and money ripped off.
    I consider myself up to speed on internet security, but I will never become complacent. The bad guys don’t, neither will I.
    Cheers

    • Hey Mal,

      Now I like that – the bad guys don’t become complacent. I’ll have to find a place to plug that in.

      Have to agree with your observation that the “know it all” attitude is pretty common. Makes this type of individual the perfect “victim in waiting”.

      Best,

      Bill

  2. Hi Bill,
    Some factoids and info for Mac users. The recent crop of Malware is likely only the beginning, the eastern European mob has begun developing malware “kits” to target Macs. New variants on the exploit no longer require password to begin to install. Going into “System Preferences” for Safari web browser and make sure Open “Safe” Files after downgrading is unchecked will help protect you as will running a different browser. Removing the current 2 generations of malware can be handled by programs such as “APPZapper” which remove all unwanted programs and associated files.
    Hope it helps anyone who has been bitten, unfortunately Apple hasn’t been very forthright in dealing with this.
    Take care.
    Mark

  3. Bill,
    I couldn’t agree more! Nice article. Here’s my two cents: back when hackers were mostly amateurs who hated Microsoft…and were probably MAC users, MACS got a pass from them, and the cyber crooks left them alone because their numbers were much smaller than Windows users. Now that organized cybercrime has stepped onto the scene, they are attacking everyone who uses the Internet…as you wisely note “social engineering is not platform specific”.
    Finally, somehow I think those MAC users who rubbed Windows users noses in it in the past, as you noted…will almost certainly blame their new found vulnerabilities on Windows users. Mark my words.
    Keep up the good fight!
    Best,
    Paul

    • Hi Paul,

      And, a very valuable two cents!

      I know it’s mean to think so – but, I can’t help but feel that Apple deserves to be kicked off their self created “malware immunity” pedestal. They’ve gotten away with this blatant lie for years. Now, Mac users will be forced to deal with the “real” Internet that the rest of us have had to deal with for years. You’ll have to pardon me if I laugh up my sleeve.

      Best,

      Bill

  4. As more Windows users become Mac users the likely hood of a “Mac” user falling for scams will increase.

  5. Excellent article sir. On the corporate side, since the Great Recession, companies have severely if not entirely cut back on security training for their employees and customers. This opens the gate for social engineering and phishing scams. Add on top of that the delusion that Macs are immune to malware and viruses, sprinkle some iDevices accessing sensitive corporate data and you have a recipe for a rude awakening.

    As I continually remind my clients, it’s not about the technology it’s about the people, policies and the general housekeeping of the technology infrastructure. This is perfectly encapsulated with the SONY fiasco in my view.

    Apple with just have to have a few large breaches of their OS or devices, this will pierce the “executive bubble” that surrounds the C-Suite and deflate the image of immunity in the eyes of the end-user.

    • Hi Mike,

      Indeed! Each of your points strike home with me.

      I often wonder, if we’re not now reaping the “rewards” of the “nanny state” philosophy we’re all so accustomed to.

      Bill