Be aware of MAC Defender malware!

bluesky
Forum Member - Level 3
Posts: 114
Joined: Tue Apr 12, 2011 7:03 am
Location: Sequim-Port Angeles

Be aware of MAC Defender malware!

Post by bluesky » Mon May 02, 2011 8:33 am

Be aware of this malware targeted at Mac OSX users.

Please pass this info on to other Mac users you know.

http://www.macnn.com/articles/11/05/02/ ... llibility/
"All computers wait at the same speed."

Stephen Hart
Forum Member - Level 5
Posts: 3136
Joined: Thu Apr 07, 2011 10:09 am

Re: Be aware of MAC Defender malware!

Post by Stephen Hart » Mon May 02, 2011 9:19 am

Note that it's fairly common (or at least used to be) to see such scams on web sites. And there are a number of other related ways advertisers try to get you to download software.

Most of this is Windows software, and won't harm a Mac. Apparently MacDefender does work on a Mac. I'll be interested to see if it really bypasses the usual OS X warnings about downloaded software. Those are so general that I bet the software does not bypass that.

Bottom line: never download any software unless you specifically went searching for that software. Never run software that you didn't deliberately download. Never answer yes if your Mac unexpectedly asks if you want to run a downloaded application.

And if you're wondering about antivirus or antimalware software, ask here first.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

Re: Be aware of MAC Defender malware!

Post by bluesky » Mon May 02, 2011 2:22 pm

Also read more about it on the Macworld web site here:

http://www.macworld.com/article/159595/ ... ws_h_crawl
"All computers wait at the same speed."

Re: Be aware of MAC Defender malware!

Post by Stephen Hart » Mon May 02, 2011 2:47 pm

That is a good article, David.

And, just as I thought, Macworld says it does not break OS X's security. It relies on the user to enter an admin password.
"As nefarious as MAC Defender might be, the level of concern over infection remains low: Users must be tricked into downloading and installing the program, as well as entering their administrator password."
Remember that any application can include code that qualifies as malware. This one seems relatively crude.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

Re: Be aware of MAC Defender malware!

Post by bluesky » Fri May 06, 2011 9:42 am

MACDefender malware evolves into new forms
updated 03:20 pm EDT, Thu May 5, 2011

Name, contents may vary

The MACDefender malware made public on Monday has already mutated into different versions, says security company Intego. A given example is "Mac Security," a fake antivirus program. As with MACDefender an attack begins when a person clicks on a malicious web link. This pops up a fake Windows Explorer window, claiming that a computer is infected with a prompt to remove offending code.
Clicking on Cancel actually begins downloading a ZIP file with an installer inside. Should a person click Install, and then enter their account password, Mac Security can then launch and pretend to find non-existent threats. The app's real purpose is to push people to "register" their copy of Mac Security by paying the malware's creator.

Several versions of the malware are said to be in the wild. Intego adds that these may have different names and/or payloads. They may be relatively easy to protect against though, as if they copy MACDefender and Mac Security they require a victim's permission to install.


Read more: http://www.macnn.com/articles/11/05/05/ ... z1Laxpdnvq
"All computers wait at the same speed."

Re: Be aware of MAC Defender malware!

Post by Stephen Hart » Tue May 10, 2011 9:15 am

MACDefender updated yet again.
As usual, I add the admonition to never, ever download software unless you specifically went searching for that software.
If you're concerned about viruses or other malware on the Mac platform, ask here before you do anything.

Also note that this thread describes my attempt to help someone with the MACDefender trojan exploit.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

Re: Be aware of MAC Defender malware!

Post by Stephen Hart » Wed May 18, 2011 5:05 pm

from Macintouch:
Experiences

K. M. Peterson
Ric,
All I can say about this is, "wow".
Anonymous AppleCare Rep, quoted by Ed Bott, on the "Mac Defender" malware:
Over the weekend, I got an e-mail from an AppleCare support rep, who was responding to my recent reports of Mac malware being found in the wild. At least one prominent voice in the Mac community dismisses these reports as "crying wolf." The view from inside an Apple call center says it's for real:
I can tell you for a fact, many, many people are falling for this attack. Our call volume here at AppleCare is 4-5x higher than normal and [the overwhelming majority] of our calls are about this Mac Defender and its aliases. Many frustrated Mac users think their Mac is impervious to viruses and think this is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls.
I contacted this person and arranged an interview. I've edited our conversation to remove any details that might identify this individual or the call center location, but otherwise this is a verbatim transcript.
Full interview at: An AppleCare support rep talks: Mac malware is "getting worse".
[See also: What a Mac malware attack looks like. -MacInTouch]
I'll just reiterate. This is not a virus. For any harm to ensue, a user must
1. decide to download an application, then
2. decide to run that application, then
3. decide to override OSX's warning, then
4. decide to fill in a form with personal information

Let's make sure SMUG members don't get taken in by this scam. If any SMUG member sees a warning about virus protection, ask here first!

By the way, this is the usual way scammers get personal information. They ask, sometimes politely. No legitimate bank, software manufacturer, anti-virus campaigner, etc., etc. will ever ask for personal information in an unsolicited web popup or e-mail or phone call. Anything that even remotely looks like that should be ignored.

Here's my credit union's statement:
[Attachment: warning.jpg]
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

Re: Be aware of MAC Defender malware!

Post by Stephen Hart » Fri May 20, 2011 7:39 am

More reports of this malware on Macintouch today.
One person claims to have found the downloaded file in her Downloads folder without having downloaded anything deliberately. As that's the only report of that type I've heard of, I doubt that story highly.
There's no need to buy anti-malware software for this threat. Just pay close attention to anything you download. And pay close attention to OS X warnings about downloaded applications and about applications being run for the first time. There's no excuse for not heeding these warnings.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

Re: Be aware of MAC Defender malware!

Post by bluesky » Mon May 23, 2011 9:26 am

The Sourcefire Vulnerability Research Team (VRT) has a great blog on MacDefender, the rogue antimalware trojan currently spreading on Mac systems.
http://vrt-blog.snort.org/2011/05/macde ... iants.html
This malware is known by a variety of names, including "Mac Defender", "MacProtector", "Mac Security", "Apple Security", and "Apple Security Center". The blog is filled with excellent technical details and images, and it also has clear and easy procedures for removing it, which I will repeat here:

1. In Safari under "Preferences", at the bottom of the "General" tab (the first tab), uncheck "Open safe files". This will prevent Safari from starting threats like MacDefender automatically after downloading them.
2. Open up "Activity Monitor" (this is in your Utilities folder within Applications).
3. Find "MacDefender" (or whatever the malware is being called: MacProtector, Mac Security, etc.).
4. Highlight it then click "Quit Process" which looks like a big red stop sign at the top right of the Activity Monitor screen.
5. Next, open System Preferences, and go to "Accounts". When it appears click on the "Login Items" button, select the program, and then click the "minus" button to remove it from Login Items.
6. Next, navigate to your Applications folder, find the program, drag it to the trashcan, and then empty the trashcan.

Yes. It's really that simple to remove.
"All computers wait at the same speed."

Re: Be aware of MAC Defender malware!

Post by Stephen Hart » Mon May 23, 2011 4:04 pm

Great post, David.

I'd only add that in Activity Monitor, there's a "Filter" field at the upper right corner. You can type in there a key word from every version of this trojan horse that you know about.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs
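
Added example, not part of any post in this thread or of the VRT blog: a shell helper that looks in the three places the removal steps above touch (running processes, Login Items, the Applications folder) for the names listed in the thread, the command-line counterpart of typing key words into Activity Monitor's Filter field. The function names, the `--scan` option and the sample list are made up for this example; because the thread notes that names may vary, a clean result only rules out these known names.

```shell
#!/bin/sh
# Added example: name-based triage for the MacDefender family.
# KNOWN_NAMES holds the names listed in the thread, lower-cased with spaces
# removed ("applesecurity" also covers "Apple Security Center").
KNOWN_NAMES='macdefender macprotector macsecurity applesecurity'

# match_known_names: read candidate names on stdin (one per line) and print
# the lines whose normalised form contains one of the known names.
match_known_names() {
    while IFS= read -r line; do
        norm=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]' | tr -d ' ')
        for name in $KNOWN_NAMES; do
            case "$norm" in
                *"$name"*) printf '%s\n' "$line"; break ;;
            esac
        done
    done
}

# scan_mac: check the places the removal procedure visits (macOS only).
scan_mac() {
    echo "== Running processes (steps 2-4) =="
    ps -axo comm= | match_known_names
    echo "== Login Items (step 5) =="
    osascript -e 'tell application "System Events" to get the name of every login item' \
        2>/dev/null | tr ',' '\n' | sed 's/^ *//' | match_known_names
    echo "== Applications folder (step 6) =="
    ls /Applications | match_known_names
}

# sample_names: constructed input for trying the matcher off a Mac.
sample_names() {
    printf '%s\n' 'Safari' \
        '/Applications/MacProtector.app/Contents/MacOS/MacProtector' \
        'Mac Security.app' 'iTunesHelper' 'Apple Security Center'
}

# Run the real scan only when asked to, and only on macOS.
if [ "$(uname -s)" = "Darwin" ] && [ "${1:-}" = "--scan" ]; then
    scan_mac
fi
```

Anything the scan prints is a candidate for the Quit Process, Login Items and trash steps, not proof of infection: a legitimate program whose name contains one of these strings will match too.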
