One advantage is often expressed about the Mac OS is as if immune to the virus. When in reality all are man-made software maker to bring nature, imperfect alias always contain vulnerabilities.
Lately circulating variants aka Rogue Antivirus fake antivirus which also threaten Mac users not only the specter of Microsoft Windows users. Rogue Antivirus is one type of malware that is very avoidable. Rogue Antivirus has hundreds of variants that infect the user's computer in the world. Almost every year since 2008, variants of this malware continues to grow and spread throughout the world.
And now, a target the virus to grow on other OS platforms such as Android or Mac OS because apparently both OS platforms is starting to get a large user base so shattered that myth or propaganda that there is a Operating System that is immune to viruses.
If you are computer users with the Mac OS platform in Indonesia, please be careful because since May 2011 until now has been detected Rogue Antivirus attacks that infect the Mac OS users. And one of the variants detected Rogue Antivirus is one of the variants of the Mac Mac Defender Security or Trojan.Fakealert.20856.
Mac Defender
For users of Mac OS, in 2008 also identified variants with names MacSweeper Rogue Antivirus and iMunizator. While the current variants of Rogue Antivirus is spreading and developing the Mac Defender. Mac Defender itself has 5 types of variants: Defender Mac, Mac Guard, Protector Mac, Mac and Mac Security Shield. All 5 types of these variants have emerged since May 2011 and is still spreading and growing.
The first variant is Mac Defender spread using the Facebook social networking media to spread a message to display a video. While variants Mac Mac Security Protector and spreads by exploiting results on google image search. For Mac variants Guard spread and thrive by being able to installed without requiring a password. As for the last variant is Mac Shield comes after Apple released the latest patch update for a block against Mac Defender. Shield Mac variants capable of penetrating the latest patch is so easily installed on Mac OS computers.
The five variants of Mac Defender has the same capabilities that generate pop-up antivirus scan, and retrieve information or personal data, especially relating to credit cards. Moreover, in general you will be asked to purchase a license antivirus Mac Defender is worth 59.95 dollars to 79.95 dollars.
The characteristics of the attack
File Mac Security (Trojan.Fakealert.20856) will be downloaded when you access a link from your site or social networking and run the file. These files generally have the following characteristics:
- The name "MacSecurity3s.mpkg"
- Size "1.9 MB"
- Extension "mpkg"
- The file type "installer package"
In general, the Safari browser on Mac Os feature "open save files after downloading" is already selected by default. So if you've downloaded, it will automatically install of Mac Security window will open and the user will be forced to run until completion.
After installation is complete, Mac Security would create a set of files is as follows:
- / Applications / MacSecurity.app / Contents / Info.plist
- / Applications / MacSecurity.app / Contents / PkgInfo
- / Applications / MacSecurity.app / Contents / MacOS / MacSecurity
- / Applications / MacSecurity.app / Contents / Resources / About-Back.png
- / Applications / MacSecurity.app / Contents / Resources / About-Mail.png
- / Applications/MacSecurity.app/Contents/Resources/About-Phone32x32.png
- / Applications / MacSecurity.app / Contents / Resources / About-Ticket.png
- / Applications / MacSecurity.app / Contents / Resources / AboutD.nib
- / Applications / MacSecurity.app / Contents / Resources / AboutMBMI.png
- / Applications / MacSecurity.app / Contents / Resources / Affid.txt
- / Applications / MacSecurity.app / Contents / Resources / [etc. up to 140 files] ... ... ... ... ... ... ... ....
- / Applications / MacSecurity.app / Contents / Resources / English.lproj / InfoPlist.strings
- / Applications / MacSecurity.app / Contents / Resources / English.lproj / Localizable.strings
- / Applications / MacSecurity.app / Contents / Resources / English.lproj / MainMenu.nib
- / Applications / MacSecurity.app / Contents / Resources / Fonts / MyriadPro-It.otf
- / Applications / MacSecurity.app / Contents / Resources / Fonts / MyriadPro-Regular.otf
- / Applications / MacSecurity.app / Contents / Resources / Fonts / MyriadPro-Semibold.otf
- / Applications / MacSecurity.app / Contents / Resources / Fonts / MyriadPro-SemiboldIt.otf
Symptoms & Effects
Some symptoms that occur if you are infected is:
- Active on start-up and display a splash screen
Each computer starts, Mac Security (Trojan.Fakealert.20856) will be activated immediately on start-ups and splash screen will appear.
- Active on the taskbar and bring up a pop-up message
Mac Security (Trojan.Fakealert.20856) will also be active on the taskbar and the Mac OS will display a pop-up messages at certain times.
- Have a view similar antivirus programs
One that makes the Mac Security (Trojan.Fakealert.20856) and other variants of its Mac Defender looks convincing the display program that is almost similar to antivirus programs. It is used to manipulate the Mac OS users that like to use an antivirus product and to be willing to pay for his license.
- Provides antivirus license through an online web
If the status of the scan shows a variant of the malware, the Mac Security (Trojan.Fakealert.20856) will offer to the cleaning process by first purchasing a license via the internet at a cost of 59.95 dollars to 79.95 dollars. Virus writers have created some links fake sites is used to convince computer users.
- Retrieve data or information Credit Cards
When offered the process of purchasing the license via the Internet, the user will be prompted to enter data or credit card information. This is a great way to get virus maker of data or credit card information from the site links that have made such false.
- Using e-mails and fake websites in order to facilitate the purchase of Mac Security information
In order for computer users believe, the virus include e-mail and fake websites to facilitate the purchasing process of the Mac Security (Trojan.Fakealert.20856). Weebsite address listed is the "mac-defence.com" and "macbookprotection.com". Both of these websites were identified from Russia.
- Integrated with Mac OS login account
To be active and running on all accounts including the Admin, Mac Security (Trojan.Fakealert.20856) add yourself to the login account (or so-called start-ups in Windows).
Mac Security Deployment Methods
Some of the ways of the Mac Security (Trojan.Fakealert.20856) make the distribution as follows:
- SEO (Search Engine Optimization) Poisoning
SEO Poisoning is the way the virus by using search results from a web search (Google, Yahoo, Bing, etc.) to trick the user to run a link (javascript) is dangerous. In this way the user will automatically download a file Defender Mac variant.
- Social network Facebook
For users of social networking facebook, please be careful of the sent message that displays a video link that also contains the javascript.
Cleaning Mac Security
1. Disconnect the network / internet.
2. Turn off the Mac Security (Trojan.Fakealert.20856)
Perform the following steps:
· Click the Go menu, select Utilities.
· In Utilities, click the file 2x Activity Monitor
· In Activity Monitor, select the process with the name Mac Security and then click Quit Process.
3. Remove Mac Security (Trojan.Fakealert.20856)
Perform the following steps:
· Click the Go menu, choose Applications.
· In Applications, select MacSecurity.
· Then drag the slider toward the program MacSecurity Trash.
· Then click the Finder menu, select Empty Trash.
· When a message appears to permanently delete, click OK.
4. Delete account login Mac Security (Trojan.Fakealert.20856)
Perform the following steps:
· Click the Apple logo, select System Preferences.
· In System Preferences, select Accounts.
· In the Accounts window, select an account and then select the Login Items tab.
· Then select the Mac Security and then click the (-).
· Perform well against other accounts.
5. For optimal cleaning and prevent re-infection, you should use an updated antivirus and malware is well recognized.
No comments:
Post a Comment