« 419 Stupidity...Squared | Main | CAPTCHA Right Back Atcha »

February 26, 2008

A long-running thread in the malware world is that the Mac OS isn't a big enough target to attract malware authors. I don't subscribe to that belief, as I detail in Spam Wars. But I did see today clear evidence that another type of Internet crook—the so-called OEM software download seller—recognizes a market when he sees it.

The message is titled:

Subject: Hpg Hey you Apple Fans LTKS

Although I've seen some recent Subject: lines reference Macs, the message bodies hawked Windows software, typically Vista. Today's message, however, really spoke the Mac language:

Cheap Apple s0ft: iWork, iLife, .MAC etc.

The links were to oh-so-ubiquitous spammer blogspot.com sites. Per usual, the BlogSpot pages automatically redirected to the actual selling site—a domain supposedly registered in China, currently hosted in South Korea. This site is not Mac-specific. Instead, it's a full-service supplier of pirated, unsupported, un-upgradeable software of all kinds. There is, however, a Mac department.

Of course, the particular software products pitched in the email aren't particularly expensive, even at retail. It's certainly not worth the risk of your credit card data to attempt to buy this crap, thinking you're going to save twenty bucks. Additionally, remember that when you install a lot of Mac software, you are commonly presented with a dialog requiring your system password. That permission grants the installer free reign over your system. If any of this downloadable software contains some, um, extra, unadvertised goodies—malware—you'll have given it a free ride into your system. Every computer system is vulnerable if you give the bad guys the master keys.

Mac or Windows, I wouldn't let any of this "OEM" software come within a ten-foot pole's reach of my computer.