"FakeMacdef contains most of its resources in a directory named "ru.lproj," as opposed to "en.lproj" ... this strengthens our suspicion that the developer may be Russian," O'Dea and Saade said.
Winwebsec, the designation of the Windows part of the duo, is a fast-climbing family of scareware, according to a recent Microsoft analysis of 2010's threat landscape.
In the tenth volume of its semi-annual security intelligence report -- which was released last week -- Microsoft said that its free malware cleaning tool had detected and deleted Winwebsec on over 600,000 Windows PCs in the fourth quarter of 2010.
Although it wasn't among the most prolific scareware variants for the entire year, Winwebsec was the third-most-common fake security family in the last three months of 2010, beat only by "FakeSpypro," which had double the number of infections than any other throughout the year, and "FakePAV," scareware that masquerade's as Microsoft's own Security Essentials software.
Microsoft tabulated scareware deletions from data provided by the Malicious Software Removal Tool, a free utility the company updates monthly and pushes to Windows users.
Microsoft's O'Dea and Saade told Mac users to invest in an antivirus program built for the Mac to keep FakeMacdef off their machines, or to remove it once there.
Several antivirus vendors prominent in the Windows market -- such as Symantec -- also sell Mac security software, while others, including Sophos and the Mac-only Intego, offer free or free trial antivirus programs.
Sign up for Computerworld eNewsletters.