Microsoft said this week that it has evidence of a link between the fake security software now plaguing Mac users and a hard-charging family of similar software on Windows.
Phony security software, labeled "rogueware" and "scareware" by experts, has long been a huge thorn in Windows' side. But earlier this month researchers announced the discovery of a Mac-specific scam that claims the machine is heavily infected.
[ Discover the key Mac, iOS, and Apple tech trends for business users. Read InfoWorld's Technology: Apple newsletter. | Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. | Get a dose of daily computer security news by following Roger Grimes on Twitter. ]
Once installed, the software nags users with pervasive pop-ups and fake alerts until they fork over a fee to purchase the worthless program.
To get rid of the program's alerts -- and the occasional pornographic page that pops up in the browser, a new twist intended to make victims think their computers have been hijacked -- many Mac owners pay the $79.50 "registration fee" for the worthless program.
Mac users have reported being duped into downloading the fake software on Apple's support forums and increasing numbers to Mac-centric antivirus vendor Intego, which has identified at least three names for the same product: MacDefender, MacSecurity, and MacProtector.
The bogus program is believed to be the first security software scam on the Mac.
On Tuesday, engineers who work for the Microsoft Malware Protection Center (MMPC) said that users who visit a Web page posing as a free online virus scanner get served either Mac or Windows scareware.
"This distribution component reads the client's [browser] user agent in order to discern the operating system, and then serves up a malicious application designed for that operating system," said Hamish O'Dea and Tareq Saade on the MMPC blog.
The site delivers scareware dubbed "Win32/Winwebsec," while Macs get "MacOS_X/FakeMacdef," O'Dea and Saade said, using Microsoft's labels for the OS-specific versions of the fake security software.
There's also evidence that the same cyber criminal, or gang of scammers, created both versions.
O'Dea and Saade cited several similarities in the code of the two phony security programs, including nearly-identical URLs as the destination for "phone home" transmissions, similar Web addresses for the purchase pages of the pair, and sharing the same payment gateway, the site where users enter their credit card information to buy the useless utilities.