Cyber-criminals begin fake AV attacks on Mac

May saw new attacks on Apple users, more attacks on Windows 64-bit OS

Tags: Cyber crimeKaspersky Lab
  • E-Mail
Cyber-criminals begin fake AV attacks on Mac Kaspersky Lab says there has been an increase in attacks on Mac and Windows 64-bit OS.
By  Georgina Enzer Published  June 26, 2011

May has seen a number of new developments in cyber-crime, including more attacks on Mac users, including the first fake antivirus attacks, and a growth in the number of cyber-criminals attacking Windows 64-bit OS, according to Kaspersky Lab.

Rogue antivirus attacks hit many unsuspecting Apple users during May 2011; the first attacks were detected shortly after the death of Osama Bin Laden.

Apple users searching for information on Bin Laden's death were instead hit by a phishing attack. The attack took the form of a browser window notifying users of a severe Trojan virus infection on their computer, which could be removed if the suggested software was downloaded. Once the user had agreed to use the software, the rogue antivirus (MAC defender) would say that it had detected several malicious programs on the computer, which were not there, and asked for $59-80 to remove them.

According to Kaspersky, the number of virus signatures in MAC Defender's antivirus database is 184,230, while the number of malicious programmes created for Mac to date amounts to hundreds.

In May, the number of attempts to infect users' computers with rogue anti-virus programmes was 109,218, almost half the amount seen between February and March 2010.

The growth in users utilising the Windows 64-bit OS in May resulted in a boost in the number of cyber-criminals attacking the system. Brazilian cybercriminals, whose specialisation over the last few years has been banking Trojans, released the first banking rootkit for the Windows 64-bit OS (Rootkit.Win64.Banker).

This rootkit targets users' logins and passwords to online banking systems. During attacks, users' are redirected to fake bank log-in pages.

ZeroAccess also made a comeback in May, but this time the Trojan is capable of functioning on x64 systems.

The attacks on Sony continued in May, with Sony's Thai site compromised on 20th May and, as a result, a phishing page targeting Italian credit card owners was hosted on hdworld.sony.co.th.

On 22nd May, Sony's music site in Greece, SonyMusic.gr, was attacked, making user data available for public access, including users' nicknames, real names and email addresses. On 24th May, vulnerabilities were detected on sony.co.jp.

Kaspersky Lab has predicted that similar services to the PlayStation Network will become targets of similar types of attacks going forward.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code