The plague of rogue AV scareware apps has been a source of controversy and heated debate over the past few weeks. Mac users are trained to believe the OS is impervious, making them easier targets for social engineering attacks like MacDefender.

Apple initially stayed out of the fray, and directed support techs not to get involved with eradicating the malware from Mac systems, but eventually Apple acknowledged the threat and developed this update to address the problem.

Mac users should download and apply the update immediately.

These attacks generally have a technical element as well. The latest variants of the Mac scareware take advantage of a setting in Safari to automatically open “safe” files, and the ‘cookiejacking’ attack uses a weakness in the security zones protection of Internet Explorer. But, technical component aside, these attacks rely on somehow convincing the user to do something through social engineering.

A post on the Windows Security Blog focused on the ‘cookiejacking’ attack explains, “This is a form of social engineering attack and these kinds of threats will remain a concern for Internet users on all browsers. Software vulnerabilities are not needed for these kinds of threats to be successful so it is always a good idea to follow best practices – regardless of the browser you are using – in order to stay safe.”

The post offers six simple tips you can use to identify social engineering attacks, and avoid becoming a victim.

1. Odd messages from friends on social networking sites to participate in games or offers you must act upon immediately.
2. Alarmist messages and threats of account closures.
3. Promises of money for little or no effort.
4. Deals that sound too good to be true.
5. Requests to donate to a charitable organization after a disaster that has been in the news.
6. Bad grammar and misspellings.

If you want to get to the bottom of something–whether it is a political scandal, a murder mystery, or the source of rogue AV scareware attacks against Mac OS X…follow the money.

Security reporter Brian Krebs did just that and he has connected the dots leading from MacDefender and the sudden plague of Mac malware back to a Russian payment processing company–ChronoPay.

Observant Mac users reported the domain names that the rogue AV attacks were being directed to for payment. Krebs did some digging into the WhoIs details to try and determine the owner of those domains to follow the money back to the source. It so happens that Krebs is also in possession of tens of thousands of pages of ChronoPay documents leaked in a data breach last year which allowed him to follow the trail back to ChronoPay.

It is unclear how that knowledge can be put to good use. Given the nature of international law enforcement, prosecuting attacks across national borders can be tricky.

In the meantime, Mac users should just be aware of the issue, and follow the guidance from Apple to address the threat pending an update for Mac OS X to guard against it.