Slashdot Mirror
Scareware Signed With Apple Cert Targets OS X Machines (threatpost.com)
msm1267 writes: A unique scareware campaign targeting Mac OS X machines has been discovered, and it's likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate.
"Sadly, this particular developer certificate (assigned to a Maksim Noskov) has been used for probably two years in similar attacks," said Johannes Ullrich, dean of research of the SANS Institute's Internet Storm Center, which on Thursday publicly disclosed the campaign. "So far, it apparently hasn't been revoked by Apple."
"Sadly, this particular developer certificate (assigned to a Maksim Noskov) has been used for probably two years in similar attacks," said Johannes Ullrich, dean of research of the SANS Institute's Internet Storm Center, which on Thursday publicly disclosed the campaign. "So far, it apparently hasn't been revoked by Apple."
Use a good browser plugin or some good backend rules, but block every single advert out there. That stops the "OHHH YOU GOTTA INSTALL THIS" vector that fools clueless visitors into downloading and running the trojan.
Good people install adblocking on every single computer they touch. Bad people allow ad's from websites.
Dear web admins.... WAHH. If you cant vet and host your ads yourself to make sure they are safe, you dont DESERVE your ad's to make it through.
Do not look at laser with remaining good eye.