When asked why he robbed banks, Willie Sutton reportedly said, “because that’s where the money is.” Although he later denied saying that, the quote endures and is applied to both legitimate businesses and criminal enterprises, including the production and distribution of what we generally think of as computer viruses or malware.
While many of the early PC viruses might have been motivated by ego and the desire to make a mark on the world by publicly disrupting other people’s lives, today’s malware writers, according to Trend Micro’s senior threat analyst Paul Ferguson, are motivated by the same thing that motivated Sutton and most other criminals.
I thought about this as I read a number of reports over the past few weeks about an anti-virus scam that goes by a number of aliases, including MacDefender, MacProtector and MacSecurity. As the various names imply, this particular scam goes after Macintosh users.
The Fix is In
Although Apple was at first in denial about the threat, the company ultimately did respond by issuing a patch to its OS X operating system to fix this particular problem.
While the Mac has never been immune to malware, it’s pretty rare that we hear about attacks against the platform, compared with the constant threats that Windows users have to deal with. For more than 20 years, I’ve been religious about making sure my Windows machines are protected by anti-malware programs but until very recently hadn’t bothered adding protection to my Mac. I just downloaded a 30-day trial copy of Trend Micro Smart Surfing for Mac (there is also Symantec’s Norton AntiVirus for Mac). It’s time for Mac users to wake up.
The fact that malware writers are going after the Mac shouldn’t come as a surprise. While there are still far more Windows machines than Macs in the world, Apple has been enjoying increased market share. One reason for Apple’s success is that a lot of people think the Mac is more hassle-free than Windows PCs, partially because it’s thought to be less vulnerable to malware.
Well, it’s time for a new episode of those famous “I’m a Mac” commercials, but in this one, the disheveled PC guy should turn to that cool-looking Mac guy and say “welcome to my world.”
Apple, of course, would never make such a commercial because it has no interest in promoting the fact that its customers are vulnerable. But last week the company finally posted a Web page to warn Mac users about MacDefender, reporting that a “recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus.”
In this particular scam, the malware writers try to convince users that their machine is infected and that the solution is to install their software, which actually does infect the machine.
The program, according to security firm Intego, “is very well designed, and looks professional.” It will occasionally report that your machine is infected and will also redirect you to porn sites which, according to an Intego blog, is most likely to make users think that they are infected by a virus, and that paying for MacDefender will fix the problem.
The most recent variant of the program doesn’t even require the user to enter a password, as is typically the case when installing Macintosh software.
Apple has said it will release a patch to OS X to find and remove MacDefender and its variants, but ZDNet blogger Ed Bott considers Apple’s response “too little, too late.” Bott wrote that “Apple appears to be treating this outbreak as if it were a single incident that won’t be repeated. They seriously underestimate the bad guys, who are not idiots.”
Trend Micro’s Ferguson agrees that criminals who write malware are far from idiots. “For the past three or four years this whole ‘scareware’ issue has become a real epidemic, solely because it’s so financially lucrative for the criminals.” Ferguson speculated that the motivations behind these Mac attacks “may be an experiment to see how successful they can monetize it.” He said it might be a “test drive to see if they can increase their monthly revenue.” Lots of legitimate businesses expand into smaller markets to eke out a few percentage points in revenue. Why shouldn’t criminal enterprises?
Ferguson said that he is also seeing a growing number of threats to Android mobile users because the platform is popular and because, unlike Apple with its tightly controlled App Store, Google isn’t locking down the distribution channel. We’re also seeing a growing number of threats against Facebook, which has attracted hundreds of millions of users.
As Microsoft did a number of years ago, Apple needs to admit it has security issues and not only provide technology fixes but also education to help its customers understand that using a Mac, while nice, is not as worry-free as was life in the Garden of Eden before Eve took a bite out of that other Apple.