Thoughts on MacSweeper
Wow, with all the Macworld buzz, a rather important story has fallen through the cracks. Now that it's Friday and things have slowed a bit, let's talk about the MacSweeper story.
In case you haven't heard, MacSweeper is a piece of software that advertises itself as a cleaner/anonymizer tool to prevent others from discovering your unsavory browsing habits (not to be confused with "Mac Sweeper", an optimization tool last updated around 2005). Users are offered a free scan, but cleaning the system requires a purchase.
According to more than one security company, however, MacSweeper doesn't really clean your Mac. In fact, it doesn't do much of anything except take your money.
To clarify, MacSweeper isn't really malware in that it doesn't do anything particularly malicious. It doesn't download any trojans or steal info or create pop-ups.
MacSweeper is what is known as a rogue security program. It offers a fake scan which will always provide positive results in an effort to scare the user into making a purchase, then does nothing to actually fix the problem.
As one VNUnet.com reader noted, this is standard operating practice for a number of rogue PC apps. Many will go even further, actually downloading additional malware. So what's the big deal?
The group behind MacSweeper is also believed to be the maker of Spy Sheriff, a rogue security tool for Windows which uses similar tactics to spread. And it spreads well.
Now, they're looking to expand to Mac users who are less familiar with the tactic and far less likely to have security software installed.
That's the big deal.
Social engineering doesn't exploit any security holes, so Apple can't patch it. Some security products are able to scan for suspicious behavior, but even that can be sidestepped by malware writers. Besides, only a minute fraction of Mac users actually use antivirus software, since there is almost no malware targeting the platform.
As one McAfee researcher noted, social engineering is cross-platform. Since MacSweeper doesn't do much of anything, the guys behind it had to do very little Mac software development. Most of the work is done in HTML on the web site. That is far easier than creating a trojan and finding a vulnerability to exploit.




A Deeper Look On MacSweeper, with developer comments:
http://blog.iantivirus.com/2008/01/deeper-look-on-macsweeper.html
Posted by AngelO. | January 20, 2008 12:21 PM