Mac ‘scareware’ in the wild

By chrislim at 9:12 pm on January 15, 2008 | 3 Comments

Security software vendor F-Secure has recently reported the first known “scareware” scam targeting Mac users. The software, known as MacSweeper, poses as legitimate security software that “discovers” numerous fake problems and threats, which can only be solved by purchasing their $40 product. A senior security specialist at F-Secure shared two ways he determined the illegitimacy of MacSweeper: running their provided scan showed vulnerabilities in Mac-specific folders even when run on Windows machines, and the company’s “About Us” section was taken directly from Symantec Corp.’s website. The website itself, however, is very professionally done, and it is difficult for casual users to notice its phony nature.

Scareware is not a new phenomenon; it has existed in the Windows realm in the form of such software as WinFixer and IEDefender for quite some time, but it appears that the Mac is becoming a more attractive target for malicious social engineers as its user base has been steadily increasing in recent years. This was bound to happen eventually, and there is little that could have been done beforehand to prevent the rise of this type of software. From an end-user perspective, Mac users must clearly be more wary of internet scams and trained in discerning illegitimate sites (just like Windows users; since these types of threats exploit vulnerabilities at a more human-relational level, they supersede technological differences). Developers could help mitigate the threat of being deceived by making Mac browsers like Safari and Firefox use simple heuristics, such as checking each website against a blacklist, to warn users when they are visiting a potentially malicious site. Government authorities could help by prosecuting savvy swindlers working on the web and closing down these types of deceptive sites; however, this is precisely where larger privacy issues come into play. The MacSweeper website uses a Ukrainian domain name server and was registered by individuals using the PrivacyProtect anonymizing service to hide their identity. These services have a legitimate function in protecting people’s identities (e.g. someone in a nation with restricted freedom of speech or religion, or a whistleblower), but they are also easily abused by malicious individuals who wish to cover their tracks. The proper balance of privacy and security extends beyond the scope of this article, but suffice it to say that governments need to be able to identify and prosecute online criminals* so they can protect their citizens. The good news is that the PrivacyProtect service has an abuse reporting system for this very purpose.

While the urgency of addressing the scareware problem is unclear (since we do not know how many people are victimized by MacSweeper and similar software), we can expect that such trickery will only increase in the future and should therefore work to improve public training, browser software, and internet policy in the hope of deterring these social engineering attacks and other online criminal activity.

* I realize I’m using strong language by saying ‘criminal’ (especially if it turned out that MacSweeper had a real product offering); however, the false representations (of the condition of a user’s system) and scare tactics are clearly unethical. This would be a particularly appropriate term if MacSweeper installed a trojan (or some other malware) or abused customers’ credit card information (but I don’t have any evidence that it does either of these at this time). The idea of “scare tactics” also brings up ethical questions for any security company: are they exaggerating security issues to drum up more business or do they hold a genuine and appropriate level of concern?


Filed under: Current Events, Ethics, Policy, Privacy


  • 1

    Comment by Robert

    January 16, 2008 @ 11:16 pm

    Unfortunately, this type of software is fairly prevalent. The main one that comes to mind is the memory management programs for Windows that claim to free up lost memory. In reality, they spawn a process that starts to gobble up memory and when it’s taken everything available (including memory from other programs) the process is killed and it appears that the system has lots of free memory. Unfortunately with the Windows fetch process (better in Vista), applications now have to go back to disk when they are activated, thus taking much longer to activate since they need to load into memory again.

    The program does what it says it does but it’s not valuable and is misleading. The MacSweeper program seems to be more unethical but in my opinion all types of software like this are scams.

  • 2

    Comment by Marcis Gasuns

    January 23, 2008 @ 3:59 pm

    They could, at least, change the About Us page 🙂 I wonder how many Apple fans bought this toy to find things that never really existed.

  • 3

    Comment by dohfiddle

    January 24, 2008 @ 3:12 am

    Microsoft World has been plagued with this stuff forever; the best advice is to visit the company website (Microsoft, Apple, etc.) and ask for advice directly from them.
