The Mac Security Blog

Malware

Comment Moderator for Popular Blog Shilling for Malware Creators?

Posted on May 27th, 2011 by

We keep a close watch on articles that discuss Mac security issues, malware, and related subjects. In most cases, when it’s the Mac press or the general tech press that discusses these questions, articles are balanced, informed and correct. However, comments to articles on websites and blogs range from lucid and cogent to weird and ill-informed.

So, when we spotted an article today on the Huffington Post, discussing the latest variant of the MacDefender malware, we glanced quickly at the comments, expecting to see the usual range of opinions. We were very surprised when we noticed that a user who is listed as “HUFFPOST COMMUNITY MODERATOR” posted the following:

Now, there are two possibilities here. The first is that the user is shilling for the creators of this malware. As we have pointed out – and as other security companies and media have shown, and as Apple has even said – these fake antiviruses are indeed a real threat. They don’t do anything but take your credit card numbers. The comment posted by this person is not only wrong, but highly dangerous, given their credibility as a moderator on the Huffington Post web site.

The second possibility – one that we cannot exclude – is that his account was hacked, and the comment was, indeed, posted by the creators of the fake antiviruses.

In either case, users should be very careful about taking seriously comments they read on websites, blogs and forums. While some users posting in such venues may know something about computer security, most don’t. (There are certainly a number of very good comments in the thread we link to; but there are also many that are useless.)

Trust us, this is no conspiracy. If all the major computer security companies are warning against this, and if Apple has even published a tech note about it, it is clearly a serious threat. The comment we illustrate above is exactly what the makers of these fake antiviruses want you to believe. We sincerely hope that the moderator’s account was hacked, because someone with what seems to be credibility on a website posting such information is very, very dangerous. These fake comments about the fake antiviruses may appear on other websites, so ignore them if you see them.