Intego has discovered a fake antivirus program that targets Mac users via SEO poisoning attacks. When a user clicks on certain links after performing a search on a search engine such as Google, they are sent to a web site that displays a fake Windows screen with an animated image showing a malware scan. A window then tells the user that their computer is infected. After this, JavaScript on the page automatically downloads a file. The file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open safe files after downloading in Safari, for example, will open. The installer it contains launches presenting a user with the following screen:”]
Source: http://contagiodump.blogspot.com/2011/05/may-2-mac-defender-fake-antivirus.html