MacSweeper



MacSweeper is a rogue application that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland-based computer security software company, on January 17, 2008.

, the official website for the application, macsweeper.com, was shut down, as was the website for KiVVi Software shortly after.

Problems caused by MacSweeper
MacSweeper could be downloaded through KiVVi software's (the company that makes the "rogue") website, as a drive-by download, or silently downloaded with another application. Once automatically installed, MacSweeper scans the computer and informs the user that many applications on their computer (such as iCal or Dashboard, safe pre-installed Apple applications) are "fat binaries or trash" and must be slimmed immediately. When the unsuspecting user tries to "Remove Objects", they are told that the trial version downloaded cannot delete the supposed trash. Then the user must provide credit card details to the company for a $39.99 "lifetime subscription serial key".

Clones
MacSweeper's Graphical User Interface and behaviour is almost identical to another program that is published by KiVVi Software, Cleanator. Cleanator, however is designed for Windows operating systems. It is also very similar to the SpySheriff and SpyAxe applications, infamous for typosquatting Google. A paragraph from within the software that encourages users to purchase the full version is identical to that of SpySheriff.

Removal
Companies including McAfee, Symantec and Sunbelt Software have identified the threat and have posted removal instructions on their websites. Intego VirusBarrier and iAntivirus are capable of removing it too. SiteAdvisor, a division of McAfee has controversially given the site a green rating. However, SiteAdvisor's tests are conducted on PCs, that cannot recognise .dmg, the file format of MacSweeper.

Media attention
MacSweeper has received much media attention from websites including CNET as well as others, as it is considered to be one of the first instances of malware designed for the Mac OS X operating system.

MacSweeper's response
After F-Secure alerted Macintosh users about the rogue, MacSweeper responded on F-Secure's website, saying

"I would like to explain all the situation, about MacSweeper.

We are really trying to make a good software, and you wont find any viruses/spyware/trojans/malware in MacSweeper (test it your self, if you don't believe me, you can use any type of firewalls, dissemblers, or other tools).

The problem is that we are using selling partners that forces us to use this marketing type. We would like to leave them, we don't want to completely destroy Good Name of MacSweeper application.

Personally I adore Mac Platform, and it hurts to hear that the program you wrote is said to be some kind of "Rogue application", i wouldn't like to destroy good manners of software written for it :((

I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application. You can ask Questions, and i will try to answer them!

Thank You!"