Apple Releases Security Update to Fight Fake Security Software Campaign of Cybercriminals

(prHWY.com) June 1, 2011 - Albuquerque, NM -- In the recent times, cybercriminals have been targeting Mac users with fake anti-virus solutions. Scammers are using search engine poisoning to lead Internet users to malicious websites. When users search for images related to latest news such as Royal Wedding, Osama Bin Laden's death or even Mother's day, they also receive poisoned search results. Users who happen to visit a malicious website, receive a pop-up of a fake anti-virus scanner, which alerts that system is infected with malware. The attack seeks users to download "anti-virus" software, which comes in the form of a MacDefender, MacGuard, MacProtector and MacSecurity. The software is actually a malware, designed to extract confidential information such as credit card numbers. The attack comes in various variants. While the earlier versions of the attack sought administrator password from users to download the malware, security researchers recently identified a new version of the attack wherein users are not required to enter passwords. When users visit a specially crafted malicious site, the malware is downloaded automatically in their systems. In some cases, attackers extract personal and financial information such as name, address, contact numbers, e-mail address and credit card numbers by enticing users to purchase the fake security software.

Recently, Apple released a security update to detect and delete MacDefender malware and other variants. The latest update is available for Mac OS X 10.6.7 (Snow Leopard). The update has added the definition of MacDefender and other variants in circulation enabling examination of downloaded files and alerting users against malicious downloads. The new update will allow the system to check for daily updates to the file quarantine malware definition list and automatically update the known malware definitions. Users have the option to uncheck the daily additions to malware definitions. According to the security update by Apple, the latest update will detect and remove the known variants of the malware during the installation process and alert users after completion of installation.

Snow Leopard users must immediately install the update by directly visiting the site of the vendor or clicking on software updates option. Internet users must be wary of clicking on suspicious links in search results, third party links on legitimate websites, and links in e-mail coming from unknown sources. They must download genuine anti-virus software by directly visiting the site of a legitimate security software vendor. As attackers may use social engineering techniques to make users reveal privileged information, organizations must create awareness on security threats among employees through huddle sessions and workshops. Attackers may impersonate as a peer, subordinate, superior or stakeholder to extract privileged business or customer information from employees. Employees may also fulfill their security training requirements through online degree courses on cyber security.

Hiring professionals qualified in computer science degree and masters of security science may help organizations in timely detection of threat vectors and initiating mitigating measures.

Cybercriminals constantly evolve their modus operandi to deceive Internet users, and breach computer and network security. Therefore, IT professionals must update their technical skills and know-how to deal with ever evolving cyber security threats. They may leverage online university degree, online training and iPad training programs to enhance their capabilities.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

###