MacSweeper explained

MacSweeper is a rogue application that misleads users by exaggerating reports about spyware, adware or viruses on their computer.[1] It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland-based computer security software company, on January 17, 2008.[2]

The official website for the application, macsweeper.com, was shut down, as was the website for KiVVi Software shortly after.

Problems caused by MacSweeper

MacSweeper could be downloaded from the website of KiVVi Software (the company that makes the "rogue"), as a drive-by download, or silently downloaded with another application. Once automatically installed, MacSweeper scans the computer and informs the user that many applications on their computer (such as iCal or Dashboard, safe pre-installed Apple applications) are "fat binaries or trash" and must be slimmed immediately. When the unsuspecting user tries to "Remove Objects", they are told that the downloaded trial version cannot delete the supposed trash. The user must then provide credit card details to the company for a $39.99 "lifetime subscription serial key".[3]

Clones

MacSweeper's graphical user interface and behaviour are almost identical to those of Cleanator, another program published by KiVVi Software. Cleanator, however, is designed for Windows operating systems. MacSweeper is also very similar to the SpySheriff and SpyAxe applications, infamous for typosquatting Google. A paragraph within the software that encourages users to purchase the full version is identical to one in SpySheriff.[4]

Removal

Companies including McAfee, Symantec and Sunbelt Software have identified the threat and have posted removal instructions on their websites. Intego VirusBarrier and iAntivirus are also capable of removing it. SiteAdvisor, a division of McAfee, has controversially given the site a green rating. However, SiteAdvisor's tests are conducted on PCs, which cannot recognise .dmg, the file format of MacSweeper.

Media attention

MacSweeper has received much media attention from websites including CNET[5] as well as others,[6] as it is considered to be one of the first instances of malware designed for the Mac OS X operating system.

MacSweeper's response

After F-Secure alerted Macintosh users about the rogue, MacSweeper responded on F-Secure's website, saying

[7]

References

http://blog.intego.com/index.php?s=macsweeper

Notes and References

  1. Macsweeper - Symantec.com: Summary. Archived January 4, 2013 (original link dead): https://archive.today/20130104192640/http://www.symantec.com/security_response/writeup.jsp?docid=2008-011613-5206-99&tabid=1. 2008-01-17.
  2. First Rogue Cleaning Tool for Mac. F-Secure Weblog: News from the Lab. 2007-01-15.
  3. Macsweeper - Symantec.com: Technical Details. Archived October 6, 2009 (original link dead): https://web.archive.org/web/20091006135200/http://www.symantec.com/security_response/writeup.jsp?docid=2008-011613-5206-99&tabid=2. 2008-01-17.
  4. MacSweeper in SpyWareLoop.com. Vincentas. Spyware Loop. 9 July 2013. 28 July 2013.
  5. Kawamoto, Dawn. Security researcher issues warns against rogue MacSweeper. News Blog. 2008-01-15. CNET News.
  6. MacSweeper - Google News.
  7. MacSweeper Responds. F-Secure Weblog: News from the Lab. 2008-01-16.