Mac users hit with malware via poisoned Google image searches, Sophos reports
May 2011 by Sophos
Sophos is warning computer users following the discovery of an SEO attack affecting Google searches, targeting both Mac and Windows users. The attack happens when users search for various terms via Google – ranging from global warming, to hot topics like Osama bin Laden’s death – with results linking to a fake anti-virus program.
When visiting the compromised URLs, computer users are first prompted with a JavaScript-based fake scanner that appears to show an infected Windows XP computer - even when surfing from a Mac.
When computer users click on or close the fake scanner page, they are prompted to download a .zip file with a filename such as "BestMacAntivirus2011.mpkg.zip.”
"This new attack may trick Mac users, as it poses as a legitimate security program called MacDefender," said Graham Cluley, senior technology consultant at Sophos. "Once your computer is infected, the malware will continue to bombard users with fake warning messages to encourage them to pay for non-existent threats to be removed. If computer users are concerned about the security of their machines, they should go directly to a legitimate IT security site."
Users of the free Sophos Anti-Virus for Mac Home Edition are protected by the identities OSX/FakeAVZp-B and OSX/FakeAV-DMP. Windows users are protected against the Windows version known as Mal/FakeAV-FS.