MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

26.1.09

Attacking Mac systems through a false security tool

Who said it was for Windows?

While it is true that deception and infection techniques are far more widespread on Windows platforms, security is a concern for every system, regardless of infrastructure or platform, and rogue-type threats (also called scareware) exist for Mac systems too.

In this case, the recent fake security tool called iMunizator (actually not so recent, as it took its first steps during 2007 and early 2008 and has now returned to the fray) can be downloaded from different websites that all respond on a single IP address (67.205.75.10) hosted in Ukraine by a web hosting company called iWeb Technologies Inc.

www. imunizator. com
www. imunizator. net
imunizator. com
imunizator. net
mac-imunizator. net

This malware shares "web space" with other, much better known rogues through the IP 70.38.19.203:

Antispyware Deluxe (AntiSpywareDeluxe. Com)
Antivirus 2009 (antivirus-2009-pro. Net)
Antivirus 2010 (av2010. Net)
Vista Antivirus 2008 (vav-2008. Net)
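
As an added example (not part of the original post), the sketch below shows how a defender could pivot from one iMunizator domain to the names co-hosted with it, and to the internal clients that resolved them, using a constructed resolver log. The log format, the `normalize` and `pivot` helpers and the `max_per_ip` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed resolver log, hypothetical "time client qname answer" format.
# Domains and IPs are those named in the post; times, clients and the pairing
# of mac-imunizator.net with 70.38.19.203 are constructed for illustration.
SAMPLE_LOG = """\
2009-01-26T10:01:02 10.0.0.15 www.imunizator.com 67.205.75.10
2009-01-26T10:01:09 10.0.0.15 imunizator.net 67.205.75.10
2009-01-26T10:04:44 10.0.0.22 mac-imunizator.net 67.205.75.10
2009-01-26T10:04:45 10.0.0.22 mac-imunizator.net 70.38.19.203
2009-01-26T10:07:13 10.0.0.31 AntiSpywareDeluxe.Com 70.38.19.203
2009-01-26T10:09:50 10.0.0.31 av2010.net 70.38.19.203
2009-01-26T10:12:30 10.0.0.40 example.org 192.0.2.7
truncated-line
"""

def normalize(name):
    """Undo defanging (spaces, [.]), lowercase, drop a leading www."""
    name = re.sub(r"\s+", "", name).replace("[.]", ".").lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name

def pivot(seeds, log, max_per_ip=50):
    """Expand seed domains to all domains linked through shared IPs.

    IPs answering for more than max_per_ip names are treated as bulk shared
    hosting and not followed, since co-tenancy there proves nothing.
    Returns (ips, domains, clients that queried any domain in the cluster).
    """
    by_ip, by_domain, askers = defaultdict(set), defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:          # skip malformed records
            continue
        _, client, qname, ip = parts
        domain = normalize(qname)
        by_ip[ip].add(domain)
        by_domain[domain].add(ip)
        askers[domain].add(client)
    domains, ips = {normalize(s) for s in seeds}, set()
    queue = list(domains)
    while queue:
        for ip in by_domain.get(queue.pop(), ()):
            if ip in ips or len(by_ip[ip]) > max_per_ip:
                continue
            ips.add(ip)
            new = by_ip[ip] - domains
            domains |= new
            queue.extend(new)
    clients = set().union(*(askers[d] for d in domains if d in askers))
    return ips, domains, clients
```

The resulting cluster is a set of leads to review, not a verdict: a name that shares an address with a rogue site still needs its own confirmation before it is blocked.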

iMunizator has also been developing its deception strategies for some time, changing the domains it stands up and even changing its name (formerly MacSweeper).

A more interesting fact is that the transfer of funds to "buy" the fake tool is handled through an e-commerce company called Plimus, a completely legal company of Israeli origin with central offices in the USA (San Diego and Silicon Valley) and in Ukraine. That is why users will see in the address bar the secure HTTPS protocol, which every security recommendation and guideline presents as the sign that we are operating from a trusted site.

Current malware constantly seeks sensitive information from users in order to commit fraud, and a high percentage of its victims are on Windows platforms, but this case shows that malware writers are starting to look toward new targets. Consequently, we must apply the same good security practices regardless of the technology they apply to.

Related information
A recent tour of scareware II
A recent tour of scareware

Jorge Mieres
