Intego discovers new ‘MACDefender’ malware threat for Mac OS X - ehMac.ca
Old May 2nd, 2011, 12:10 PM   #1
Retired Mayor of ehMac
 
Join Date: Feb 2000
Location: Ontario
Posts: 10,264
Send a message via AIM to ehMax
Intego discovers new ‘MACDefender’ malware threat for Mac OS X

Apparently not a big deal, and of course a company selling Mac anti-malware software is the first to report it, but Intego is reporting that "MAC Defender Rogue Anti-Malware Program Attacks Macs via SEO Poisoning"

"Intego has discovered a rogue anti-malware program called MACDefender, which attacks Macs via SEO poisoning attacks. When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open “safe” files after downloading in Safari, for example), will open. The file is decompressed, and the installer it contains launches presenting a user with the following screen:



If the user continues through the installation process, and enters an administrator’s password, the software will be installed.



It is important that users not continue with any unexpected installation of this type."
ehMax is offline   Reply With Quote
Old May 2nd, 2011, 12:15 PM   #2
mguertin
Guest
 
Posts: n/a
Moral of the story ... if you go to a website and then a software installer runs don't do it.

It's funny how Intego "finds" these things. With the few that they've presented in this manner I've never seen in the wild at all and even when searching very extensively for them can usually only find reference from their site (and sometimes links from other sites to their site for the PR).
Old May 2nd, 2011, 12:36 PM   #3
Honourable Citizen
 
imactheknife's Avatar
 
Join Date: Aug 2003
Location: Back In Collingwood..
Posts: 2,365
Seems kinda funny, and fishy. These companies seem desperate to try and find viruses and malware for OSX. I still haven't used any anti-virus or malware software since I started using Macs in 1997.
imactheknife is offline   Reply With Quote
 
Old May 2nd, 2011, 12:39 PM   #4
Honourable Citizen
 
Join Date: Jun 2006
Posts: 6,076
So, like any dangerous software for OS X, it requires the user be dumb enough to install it.
John Clay is offline   Reply With Quote
Old May 2nd, 2011, 01:21 PM   #5
Honourable Citizen
 
screature's Avatar
 
Join Date: May 2007
Location: Aylmer (Gatineau) across the river from Ottawa
Posts: 20,720
Quote:
Originally Posted by John Clay View Post
So, like any dangerous software for OS X, it requires the user be dumb enough to install it.
A bit harsh, not knowledgeable enough, is a much nicer and probably more accurate way of putting it.
screature is offline   Reply With Quote
Old May 2nd, 2011, 06:46 PM   #6
Honourable Citizen
 
pm-r's Avatar
 
Join Date: May 2009
Location: Brentwood Bay BC
Posts: 14,892
Quote:
Originally Posted by screature View Post
A bit harsh, not knowledgeable enough, is a much nicer and probably more accurate way of putting it.
+1.

And I was just reading some posts at the Apple Discussions thread and a recent switcher got hit with all kinds of alert notices while attempting to download a pdf file.

Knowing that Macs were virus free (which the notices were displaying that he was infected) and Apple is good about protection of such stuff etc., he followed the directions to install it all which he gathered was supported by Apple.

Then some nit-picking reply post that stated that he should have noticed that some filename or some such was missing from the installer that he should have noticed. Gheese.
pm-r is offline   Reply With Quote
Old May 2nd, 2011, 09:20 PM   #7
Honourable Citizen
 
Join Date: Nov 2006
Posts: 17,489
Mac Anti-Virus Software has been traditionally more dangerous than that from which it claims to protect.
eMacMan is offline   Reply With Quote
Old May 21st, 2011, 11:18 PM   #8
Honourable Citizen
 
pm-r's Avatar
 
Join Date: May 2009
Location: Brentwood Bay BC
Posts: 14,892
Well, well, well. Guess what I discovered on our G4 MDD that's basically my wife's Mac when I went to use it, and the Safari preferences are set to download any files to the Desktop, rather than the default user's 'Downloads' folder.

Three copies of "MacSecurity.mpkg" awaiting to be opened and installed!!!
Just one of the Mac Security Fake Antivirus malware names: (aka MacDefender, MacSecurity, MacProtector) installers.

She doesn't do any of the Mac "update stuff" as that's my job, and she likes a VERY clean desktop and she also thought that the newly downloaded files were something I was doing or working with on her Mac.

The G4 is only seldom used for her email and just a few Safari gardening and various friend's blog sites and she has NEVER clicked on anything to download when using Safari, so it's interesting to see the various malware installers on her desktop or how they even got there.

Unfortunately I had not installed "DownloadComment" to her user account, but it is now, to see the originating source if it occurs again - if it would even show the site or which site was actually possibly responsible for the download of the malware installer.

These (aka MacDefender, MacSecurity, MacProtector) installers may be more generally quietly and surreptitiously downloaded and more insidious than as first reported - at least for the uninformed Mac user.
pm-r is offline   Reply With Quote
Old May 21st, 2011, 11:31 PM   #9
Full Citizen
 
Dr T's Avatar
 
Join Date: May 2009
Posts: 769
Quote:
Originally Posted by pm-r View Post
...
These (aka MacDefender, MacSecurity, MacProtector) installers may be more generally quietly and surreptitiously downloaded and more insidious than as first reported - at least for the uninformed Mac user.
Thanks, I will pass this on.
Dr T is offline   Reply With Quote
Old May 25th, 2011, 12:01 AM   #10
Retired Mayor of ehMac
 
Join Date: Feb 2000
Location: Ontario
Posts: 10,264
Send a message via AIM to ehMax
Apple going to Issue Mac OS X Update to Remove 'MacDefender' Malware

Apple has released a tech article "How to avoid or remove Mac Defender malware"

Last Modified: May 24, 2011
Article: HT4650


Summary
A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender "anti-virus" software to solve the issue.

This “anti-virus” software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes.

The most common names for this malware are MacDefender, MacProtector and MacSecurity.

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

In the meantime, the Resolution section below provides step-by-step instructions on how to avoid or manually remove this malware.

Products Affected
Mac OS X 10.4, Mac OS X 10.6, Mac OS X 10.5


Resolution
How to avoid installing this malware

If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn’t work, then Force Quit the browser.

In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password. Delete the installer immediately using the steps below.
  1. Go into the Downloads folder or your preferred download location.
  2. Drag the installer to the Trash.
  3. Empty the Trash.

How to remove this malware

If the malware has been installed, we recommend the following actions:
  • Do not provide your credit card information under any circumstances.
  • Use the Removal Steps below.

Removal steps
  • Move or close the Scan Window
  • Go to the Utilities folder in the Applications folder and launch Activity Monitor
  • Choose All Processes from the pop up menu in the upper right corner of the window
  • Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
  • Click the Quit Process button in the upper left corner of the window and select Quit
  • Quit Activity Monitor application
  • Open the Applications folder
  • Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
  • Drag to Trash, and empty Trash

Malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below.
  • Open System Preferences, select Accounts, then Login Items
  • Select the name of the app you removed in the steps above ex. MacDefender, MacSecurity, MacProtector
  • Click the minus button

Use the steps in the “How to avoid installing this malware” section above to remove the installer from the download location.
ehMax is offline   Reply With Quote
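
A read-only check for the artifacts named in the avoidance and removal steps above, written as an added example that is not part of the thread or of Apple's article. It assumes the default download locations, the `.app`, `.pkg` and `.zip` extensions alongside the `.mpkg` seen in post #8, and that repeat downloads keep the variant name as a prefix; login items are not checked.

```shell
#!/bin/sh
# Added triage example: reports matches only, deletes nothing.
# The three names are the variants listed in the thread.
VARIANTS="MacDefender MacSecurity MacProtector"

# Print installers/apps at the top level of each given folder whose name
# starts with a variant name (case-insensitive). The "*" before the extension
# catches repeat downloads such as "MacSecurity-1.mpkg" (suffix is assumed).
find_variant_files() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue          # skip locations that do not exist
        for name in $VARIANTS; do
            find "$dir" -maxdepth 1 \( -iname "${name}*.app" -o -iname "${name}*.mpkg" \
                -o -iname "${name}*.pkg" -o -iname "${name}*.zip" \) -print
        done
    done | sort
}

# Read one command path per line on stdin and print those whose executable
# name is exactly a variant name, so "MacDefenderHelper" would not match.
match_process_names() {
    pattern=$(printf '%s' "$VARIANTS" | tr ' ' '|')
    grep -iE "(^|/)(${pattern})\$" || true
}

triage() {
    echo "== Files in download locations and Applications =="
    find_variant_files "$HOME/Downloads" "$HOME/Desktop" /Applications
    echo "== Running processes =="
    ps -A -o comm= | match_process_names
}

triage
```

Empty sections mean nothing matched by name; a renamed variant would not be caught by this check.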