MacSweeper

Last updated
Screenshot from MacSweeper's Software Macsweeper buy.jpg
Screenshot from MacSweeper's Software

MacSweeper is a rogue application that misleads users by exaggerating reports about spyware, adware or viruses on their computer. [1] It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland-based computer security software company, on January 17, 2008. [2]

Contents

As of 2009, the official website for the application, macsweeper.com, was shut down, as was the website for KiVVi Software shortly after.

Problems caused by MacSweeper

MacSweeper could be downloaded through KiVVi software's (the company that makes the "rogue") website, as a drive-by download, or silently downloaded with another application. Once automatically installed, MacSweeper scans the computer and informs the user that many applications on their computer (such as iCal or Dashboard, safe pre-installed Apple applications) are "fat binaries or trash" and must be slimmed immediately. When the unsuspecting user tries to "Remove Objects", they are told that the trial version downloaded cannot delete the supposed trash. Then the user must provide credit card details to the company for a $39.99 "lifetime subscription serial key". [3]

Clones

MacSweeper's graphical user interface and behaviour is almost identical to another program that is published by KiVVi Software, Cleanator. Cleanator, however is designed for Windows operating systems. It is also very similar to the SpySheriff and SpyAxe applications, infamous for typosquatting Google. A paragraph from within the software that encourages users to purchase the full version is identical to that of SpySheriff. [4]

Removal

Companies including McAfee, Symantec and Sunbelt Software have identified the threat and have posted removal instructions on their websites. Intego VirusBarrier and iAntivirus are capable of removing it too. SiteAdvisor, a division of McAfee has controversially given the site a green rating. However, SiteAdvisor's tests are conducted on PCs, that cannot recognise .dmg, the file format of MacSweeper.

Media attention

MacSweeper has received much media attention from websites including CNET [5] as well as others, [6] as it is considered to be one of the first instances of malware designed for the Mac OS X operating system.

MacSweeper's response

After F-Secure alerted Macintosh users about the rogue, MacSweeper responded on F-Secure's website, saying

I would like to explain all the situation, about MacSweeper.

We are really trying to make a good software, and you wont find any viruses/spyware/trojans/malware in MacSweeper (test it your self, if you don't believe me, you can use any type of firewalls, dissemblers, or other tools) .

The problem is that we are using selling partners that forces us to use this marketing type. We would like to leave them, we don't want to completely destroy Good Name of MacSweeper application.

Personally I adore Mac Platform, and it hurts to hear that the program you wrote is said to be some kind of "Rogue application" , i wouldn't like to destroy good manners of software written for it :((

I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application. You can ask Questions, and i will try to answer them!

Thank You! [7]

Related Research Articles

Spyware is any malware that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in other malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

<span class="mw-page-title-main">Antivirus software</span> Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

<span class="mw-page-title-main">Spybot – Search & Destroy</span> Spyware removal software

Spybot – Search & Destroy (S&D) is a spyware and adware removal computer program compatible with Microsoft Windows. Dating back to the first Adwares in 2000, Spybot scans the computer hard disk and/or RAM for malicious software.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the original Norton 360 security suite. The suite was once again rebranded to Norton 360 in 2019.

<span class="mw-page-title-main">WinFixer</span> Rogue security software

WinFixer was a family of scareware rogue security programs developed by Winsoftware which claimed to repair computer system problems on Microsoft Windows computers if a user purchased the full version of the software. The software was mainly installed without the user's consent. McAfee claimed that "the primary function of the free version appears to be to alarm the user into paying for registration, at least partially based on false or erroneous detections." The program prompted the user to purchase a paid copy of the program.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

<span class="mw-page-title-main">SpySheriff</span> Spyware

SpySheriff is a malware that disguises itself as anti-spyware software. It attempts to mislead the user with false security alerts, threatening them into buying the program. Like other rogue antiviruses, after producing a list of false threats, it prompts the user to pay to remove them. The software is particularly difficult to remove, since it nests its components in System Restore folders, and also blocks some system management tools. However, SpySheriff can be removed by an experienced user, antivirus software, or by using a rescue disk.

<span class="mw-page-title-main">PC Tools (company)</span> Australian software company

PC Tools was a software company founded in 2003 and acquired by Symantec in 2008; the new owner eventually discontinued the PC Tools name. Company headquarters were in Australia, with offices in Luxembourg, the United States, United Kingdom, Ireland, and Ukraine. The company had previously developed and distributed security and optimization software for the Mac OS X and Microsoft Windows platforms.

The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a Trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005, but only started gaining attention in mid-2006.

<span class="mw-page-title-main">VirusTotal</span> Cybersecurity website owned by Chronicle

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.

MonaRonaDona is a browser hijacker that uses unique tactics through popups or alert messages stating that you are infected with a virus. It uses this message to send users on a hunt for a MonaRonaDona remedy only to run into other malicious websites.

Man-in-the-browser, a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two- or three-factor authentication solutions are in place. A MitB attack may be countered by using out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MitMo) malware infection on the mobile phone. Trojans may be detected and removed by antivirus software, but a 2011 report concluded that additional measures on top of antivirus software were needed.

<span class="mw-page-title-main">Microsoft Security Essentials</span> Discontinued antivirus product for Microsoft Windows

Microsoft Security Essentials (MSE) is a discontinued antivirus software (AV) product that provides protection against different types of malicious software, such as computer viruses, spyware, rootkits, and Trojan horses. Prior to version 4.5, MSE ran on Windows XP, Windows Vista, and Windows 7, but not on Windows 8 and later versions, which have built-in AV components known as Windows Defender. MSE 4.5 and later versions do not run on Windows XP. The license agreement allows home users and small businesses to install and use the product free of charge.

<span class="mw-page-title-main">Malwarebytes</span> Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

MS Antivirus is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software. The company and the individuals behind Bakasoftware operated under other different 'company' names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.

<span class="mw-page-title-main">Genieo</span> Israeli company specializing in Mac malware

Genieo Innovation is an Israeli company, specializing in unwanted software which includes advertising and user tracking software, commonly referred to as a potentially unwanted program, adware, privacy-invasive software, grayware, or malware. They are best known for Genieo, an application of this type. They also own and operate InstallMac which distributes additional 'optional' search modifying software with other applications. In 2014, Genieo Innovation was acquired for $34 million by Somoto, another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user". This sector of the Israeli software industry is frequently referred to as Download Valley.

<span class="mw-page-title-main">Malvertising</span> Use of online advertisement or advertising to spread malware

Malvertising is the use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Because advertising content can be inserted into high-profile and reputable websites, malvertising provides malefactors an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, more safety precautions, or the like. Malvertising is "attractive to attackers because they 'can be easily spread across a large number of legitimate websites without directly compromising those websites'."

Mac Defender is an internet rogue security program that targets computers running macOS. The Mac security firm Intego discovered the fake antivirus software on 2 May 2011, with a patch not being provided by Apple until 31 May. The software has been described as the first major malware threat to the Macintosh platform. However, it is not the first Mac-specific Trojan, and is not self-propagating.

References

  1. "Macsweeper - Symantec.com : Summary". 2008-01-17. Archived from the original on January 4, 2013.
  2. "First Rogue Cleaning Tool for Mac". F-Secure Weblog : News from the Lab. 2007-01-15.
  3. "Macsweeper - Symantec.com : Technical Details". 2008-01-17. Archived from the original on October 6, 2009.
  4. Vincentas (9 July 2013). "MacSweeper in SpyWareLoop.com". Spyware Loop. Retrieved 28 July 2013.
  5. Kawamoto, Dawn (2008-01-15). "Security researcher issues warns against rogue MacSweeper". News Blog. CNET News.
  6. "MacSweeper - Google News".
  7. "MacSweeper Responds". F-Secure Weblog : News from the Lab. 2008-01-16.

http://blog.intego.com/index.php?s=macsweeper

See also

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.