20 May 2011
Microsoft has been doing some detective work and reckons that the team behind the Windows-based scareware known as Winwebsec is also responsible for Mac Defender, the rogue security software that hit the headlines this week after Apple reportedly tried to sweep the problem under the carpet.
Mac Defender was discovered by security firm Intego early this month, and it didn't take long before Apple user forums were full of reports of the scareware, which tries to persuade users to buy an 'anti-virus' product by tricking them into believing their machine is infected.
More controversially, it was then reported that Apple's support service, AppleCare, had been told not to confirm or deny the malware if asked by a customer.
In a posting on the Threat Research and Response blog, Microsoft suggested that the two families of scareware have remarkably similar traits.
"The best example is that the URL format that FakeMacdef uses to call home is almost identical to that which we see in Winwebsec. The purchase pages are also similar," the blog noted.
"In addition to using similar UIs, we noticed that they even share the same payment gateway (this is the site where users are duped into giving the criminals their credit card information). Simply changing the file name from 'buy.php' to 'mac.php' causes the 'branding' to change from the Windows version to the Mac version."
In many ways it's not surprising that the same cyber crime team is targeting scareware at Mac and Windows users, as scammers and malware writers are increasingly looking to exploit users of an Apple platform which until recently has not been popular enough to warrant their attention.
As if to highlight this trend, possibly the world's first cyber crime kit aimed at Macs was found on an underground internet forum by Danish IT security vendor CSIS Security Group earlier this month.
Doy... I thought we figured this out on Day 1 when the fake scanner website used Windows GUI buttons and a fake Explorer instead of a fake Finder.
Posted by: TGB 28 Jun 2011