Cyber-crooks eye Apple Macs with fake anti-malware
NEW YORK - The days when Mac users need not worry about their computers getting infected with malicious software may be coming to an end.
Internet security experts say that cyber-criminals have begun targeting users of the increasingly popular computers from Apple Inc with one of the most pernicious types of malware: fake anti-virus programs.
To date, hackers have focused on writing malicious software for machines running Microsoft Corp's Windows operating system, which inhabits more than nine of every 10 PCs.
But Macs grow in number, they are becoming more attractive targets.
"Only once a platform has a certain level of market share does it become profitable for malware to attack it," said Dino Dai Zovi, co-author of The Mac Hacker's Handbook. "As the Mac becomes more popular there will be more and more threats."
Security firm McAfee has seen "a steady stream" of these anti-malware viruses appear over the Internet in the past week as it scours the Web for malicious software, said Dave Marcus, one of the company's top researchers.
The fake anti-virus malware is downloaded when people click on links from tainted search engine results for popular queries, Marcus said. It also spreads when users click on links to malicious sites that might be included in emails, Tweets or Facebook messages.
A spokesman for Apple declined comment.
Enforcing cybersecurity is becoming increasingly difficult with the proliferation in recent years of interconnected devices. The hacking of Sony's PlayStation Network -- which unearthed data on more than 100 million users in the largest single Internet hacking scheme ever -- underscored how exposed consumers can be.
Malware ranges from software that runs in the background to break into private data, to programs such as fake anti-virus software intended to help hackers profit.
These programs cause messages to pop up saying a machine has been infected with a virus. They offer to sell a fake anti-virus software package to clean up the problem. If the user pays the $80 to $100 for the software, the messages generally disappear.
But if the user fails to pony up, the annoying messages persist.
"This is the first time we've seen something hit en masse," said Chet Wisniewski, senior security adviser with anti-virus software maker Sophos, a rival of McAfee.
Wisniewski's company located a version of the fake anti-virus software for Macs that caused pornography to show up on a machine's screen every few minutes, to convince users their machines did indeed need to be cleaned of malware.
Sophos is one of a handful of security firms that sell anti-virus software for Macs. Others include McAfee and Symantec Corp. Apple already includes basic anti-virus software as part of its Mac OS X operating system.
Independent Mac security experts believe there is enough security built into the OS X operating system to protect users, given the current level of risk.
If users want extra protection, they should obtain anti-virus software from a company that they are sure is a legitimate vendor, said Dino Dai Zovi, co-author of The Mac Hacker's Handbook. He advised users to obtain that software through the Mac App Store.
One day, he said, it will become necessary to purchase special protection for Macs, but that time has not yet arrived.