AVSystemCare, DriveCleaner, and MalwareAlarm (a clone of AntiSpywareShield) are known rogue antispyware/antivirus application "brands". They are part of a growing list of misleading applications that deceive users by displaying scary warnings about the computer being infected with a large number of fake threats, and then ask them to buy the software before it will fix the problems.
We wrote about AVSystemCare clones a few months ago. Since then, the number of domain names associated with these misleading applications has reached 500 and is still growing. Similarly, new clones of MalwareAlarm keep popping up as well, often downloaded by Downloader.MisleadApp.
All these clones have one thing in common – they target Windows. But if you are a Mac user, and thought that the folks behind these security risks were only targeting Windows users, you’d be wrong. A few days ago, our friends from F-Secure discovered the first misleading application for Mac OS X, called MacSweeper.
Our research leads us to believe that this application has been released, after a few months of testing, by the very same group behind these other security risks. In fact, a quick comparison of the home pages, fake scanning engines, and general user interfaces shows that a liberal amount of content has been borrowed from the other misleading applications.
[Screenshots: MacSweeper scanner and MalwareAlarm scanner; MacSweeper scanner detects threats and MalwareAlarm scanner detects threats]
Given that the Mac platform is becoming more and more popular these days, it’s no surprise that security risk and malware authors are focusing on the platform in the search for additional profits.
Take the Trojan.Zlob family of Trojans, which often serve up fake video codecs through malicious Web sites. These sites are now offering different files, depending on the HTTP user agent information (specifically the browser type and operating system) sent to the malicious sites. If you visit one of these Web sites with a Mac, the download offered will likely be a version of the Mac-specific OSX.RSPlug.A Trojan.
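The user-agent-dependent delivery described above leaves a trace in web proxy logs: one URL handing out a different download to each operating system. The following Python code is an added example, not part of the original post; the log layout, host names, user-agent strings, and hash values are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed proxy-log records (not real traffic), tab-separated:
# url, user_agent, content_type, body_hash. Hosts and hashes are placeholders.
WIN_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Firefox/2.0.0.11"
MAC_UA = "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US) Safari/523.10"
ROWS = [
    ("http://video-codec.example/get", WIN_UA, "application/octet-stream", "aa11"),
    ("http://video-codec.example/get", MAC_UA, "application/x-apple-diskimage", "bb22"),
    ("http://video-codec.example/get", WIN_UA, "application/octet-stream", "aa11"),
    ("http://updates.example/tool.zip", WIN_UA, "application/zip", "cc33"),
    ("http://updates.example/tool.zip", MAC_UA, "application/zip", "cc33"),
    ("http://news.example/", WIN_UA, "text/html; charset=utf-8", "dd44"),
    ("http://news.example/", MAC_UA, "text/html; charset=utf-8", "ee55"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in ROWS)

# Content types treated as file downloads; ordinary pages vary per client anyway.
DOWNLOAD_TYPES = {"application/octet-stream", "application/x-apple-diskimage",
                  "application/x-msdownload", "application/zip"}

def os_family(user_agent):
    """Coarse OS classification from the User-Agent header."""
    ua = user_agent.lower()
    if "windows" in ua:
        return "windows"
    if "macintosh" in ua or "mac os x" in ua:
        return "mac"
    return "other"

def find_ua_dependent_downloads(log_text):
    """Return URLs whose downloaded payloads never overlap between OS families."""
    per_url = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # skip malformed records
        url, ua, ctype, body_hash = fields
        if ctype.split(";")[0].strip().lower() in DOWNLOAD_TYPES:
            per_url[url][os_family(ua)].add(body_hash)
    flagged = {}
    for url, by_os in per_url.items():
        pairs = list(combinations(by_os, 2))
        # Needs at least two OS families, with no payload shared between any pair.
        if pairs and all(by_os[a].isdisjoint(by_os[b]) for a, b in pairs):
            flagged[url] = {fam: sorted(hashes) for fam, hashes in by_os.items()}
    return flagged

if __name__ == "__main__":
    for url, payloads in find_ua_dependent_downloads(SAMPLE_LOG).items():
        print(url, payloads)
```

Legitimate download pages also pick an installer by platform, so a hit is a triage lead to check against reputation data rather than a verdict.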
It is probably too early to thoroughly assess the impact of MacSweeper’s release on the threat landscape. The various security risk authors are known for their malicious productivity on the Windows platform. The list of domains is growing every month and with new domains come new clones. But whether Mac-based versions are a flavor-of-the-month trend or here to stay has yet to be determined.