It was brought to my attention today that you’ve now published a knowledge base article explaining how to remove the prolific MacDefender fake security software and it’s various iterations.
While I cannot speak on behalf of an entire industry, I think all of us welcome you with open arms to the team tasked with helping the computer using community stay safe online.
I have to admit though, as a newbie, it appears that you may have some confusion in your terminology.
You state in your article:
“A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus.”
In our business phishing has a very specific definition. According to Wikipedia the agreed upon definition of phishing is:
Noun: The fraudulent practice of sending e-mails purporting to be from legitimate companies in order to induce individuals to reveal personal information, such as credit-card numbers, online.
We have observed that most users are being infected through malicious web pages that are turning up in Google Image searches. The malicious web pages display a fake security scanner convincing the victim to load a program that is in fact malware.
We call this type of an attack a Trojan, referring back to the social engineering trick the ancient Greeks pulled on the Trojans. Wikipedia defines a Trojan as:
“A Trojan horse, or Trojan, is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but (perhaps in addition to the expected function) steals information or harms the system.”
It is also a bit strange that you don’t recommend people to run an anti-virus program when they have been infected or attacked by malicious code. Perhaps it might be prudent to refer people encountering malware on their Macs to your documentation?
It’s great to have you as a partner in our fight against cybercrime, and we hope you continue your commitment to keeping your customers safe online. Can we simply agree to use the same vocabulary and keep our message clear?
Be cautious, question everything and enjoy your internet experience.
Leave a reply