The malware that has been making the rounds of Macintosh computers in the last few weeks may share an author with a piece of Windows-based scareware that appeared at about the same time.
The Windows-based version is called Winwebsecdef. Hamish O'Dea and Tareq Saade, writing in Microsoft's Threat Research & Response Blog, note that Mac Defender, which is a piece of fake anti-virus software, looks very similar.
Both pieces of malware behave in a very similar way as well. Both perform fake virus scans, telling users that their machines are infected, and both say that the full version of the anti-virus software has to be paid for. The payment gateway, O'Dea and Saade note, is nearly the same in both cases.
Peter James, a spokesman for Intego, which described Mac Defender earlier this month, said it is almost impossible to trace the origin of the malware, at least initially. But the similar user interfaces and the very minor changes between the first versions of Mac Defender and the latest ones point to the authors being the same individual or group of people.
Chester Wisniewski, a senior researcher at Sophos, said it is sometimes possible to figure out who wrote the malware by getting into the records of the company that processes payments. But there are many payment processors that turn a blind eye when customers engage in criminal activity.