IMF boss rape video? Mac malware spreads via Facebook links

Filed Under: Apple, Facebook, Malware, Social networks, Spam

Mac OS X malware is being spread by sick messages spreading virally across Facebook, claiming to be a video of controversial IMF boss Dominique Strauss-Kahn.

The fake anti-virus attack first appears in your timeline as a message apparently posted by one of your friends.

IMF boss Dominique Strauss-Kahn Exclusive Rape Video - Black lady under attack!

oh shit, one more really freaky video O_O

IMF boss Dominique Strauss-Kahn Exclusive Rape Video - Black lady under attack!
IMF chief Dominique Strauss-Kahn rape scandal. Mother of Alleged Rape Victim: Dominique Strauss-Kahn Did Not Want To Be President of France - ABC News

(I have obscured the image used in the message in case it causes offence).

The message's text refers to the news story of IMF chief Dominique Strauss-Kahn who is facing charges in New York over charges that he tried to rape a hotel maid.

In terms of sick headlines to entrap users, this one ranks right up there. It's been, of course, a very big news story - and many people have been following the case with interest. And that probably explains why the hackers have used the promise of a video as bait.

Clicking on the link takes you to a webpage, which appears to consist of a still from a sex movie. However, when I visited the page on my Apple Mac I was rapidly redirected to a "Mac Defender"-style fake anti-virus attack, written specifically with the intention of infecting my computer.

Mac malware attack

Sophos Anti-Virus for Mac intercepted the attack as OSX/FakeAVZp-C.

What's interesting is that up until now we have mostly seen these fake anti-virus attacks target Mac users by poisoning search engine results. But now we are seeing them being distributed by viral Facebook spam campaigns as well.

Mac malware attack

It's probably not too difficult to put yourself in the shoes of a computer user who knows that they are possibly about to watch a seedy video, only to find themselves facing a screen warning them of numerous security threats.

In many ways this is a genius piece of social engineering to frighten unsuspecting Mac users into installing the software and handing over their credit card details.

It's just a shame that Facebook's own security systems are currently failing to stop these links from spreading.

Download Sophos's free anti-virus for Mac home users. It's automatically updated to protect against the latest threats. Another step you should take is changing the default settings on Safari - it's not a complete defence, but it can help a little.

And if you're on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

Update: It's not just Mac users who are at risk from this attack. If you click on the link from a Windows computer it's possible you could be taken to a webpage that attempts to infect you with the Troj/Mdrop-DMN Trojan horse.

, , , , , , , ,

You might like

5 Responses to IMF boss rape video? Mac malware spreads via Facebook links

  1. mich · 1590 days ago

    People need to disable "others posting to my wall" feature. When you see this malware posted on someones wall it came from one of their friends that allowed a dirty app (eg. Farmville bonus or gift capture) to post to their wall. These apps were developed to be used for many reasons which includes malware. Since I have dumped all my so-called-friends who use these dirty apps and turned off posting to my wall I have not had any of these postings pop up on my or remaining friends walls. Simple as that. I warned friends about the dirty apps they used and some said so. So I said goodbye to them first cuz I don't want scams and malware showing up on my wall. If they are that slow to catch on how malware and scams work then I don't want them around me in the first place.

  2. Lety F · 1590 days ago

    I downloaded the Sophos antivirus for Mac. So far, so good. Thanks!

  3. DSchwartzberg · 1590 days ago

    I came across the same 'Apple Security Alert' while browsing through some Google image results Sunday night. My spidey senses were tingling and knew better. I have to say, at least the cybercriminals got the OS correct. I was getting tired of seeing Windows XP styled windows on my MacBook Pro when FakeAV was popping up. I find that an insult to our security minded collective intelligence.

    I'm happy to say that the Sophos Mac AV free for home use deftly warned me with the same 'OSX/FakeAVZp-C' pop-up Graham mentioned.

  4. thats really sick..

  5. Bailey · 1192 days ago

    That message on the mac fake page, didn't call the computer a mac but a PC! rofl, fail

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley