The new support document describes the malware as a phishing scam that redirects users from legitimate websites to "fake websites which tell them that their computer is infected with a virus."
The websites then offer phony antivirus software to solve the problem, under the names Mac Defender, Mac Protector and Mac Security, often with MAC spelled in all caps.
Apple's removal steps detail quitting the offending app and deleting it from the Utilities folder it is installed into by default. The primary damage caused by the malware is to nag the user for their credit card information in an attempt to sell them a solution to a nonexistent problem.
Windows PC pundits, notably Ed Bott of ZDNet, have made highly publicized reports of the Mac Defender malware, suggesting it is evidence that Macs are now experiencing malware and virus problems comparable to those experienced by Windows users over the past two decades.
Security expert Charlie Miller, who has regularly won security contests demonstrating Mac exploits, has downplayed the real threat of the few Mac malware titles that have surfaced, recently noting in an interview that "Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform."
Miller acknowledged that antivirus software can help protect your system from being infected, but countered that "it's expensive, uses system memory and reduces battery life," stating, "At some point soon, the scales will tip to installing antivirus, but at this point, I don't think it's worth it yet for most people."
Apple recommends that Mac users "should exercise caution any time they are asked to enter sensitive personal information online" and notes that it "provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site."
The Mac Defender scam presents a phony website scanner with an appearance modeled after iTunes, and depicts itself as being an "Apple security center," apparently modeled after the "Windows Security Center" Microsoft added to its own product.
Because the phony web page and its popups are tied to the browser, they do not look like native alerts from Mac OS X. The scam site is also unable to install the malware without the user supplying an administrative password. Even so, hundreds of users have been duped by the scam, although the outbreak appears to be more of a nagware annoyance than a serious security problem.
23 Comments
While Apple wasn't jumping into reacting to the malware - they are not producing an automated security update, but gave manual instructions. Thorough and deliberate. Not EdBotting by running around screaming "my Macs got malwarez! My Macs got malwarez!!"
Hmmmmmm. My new adjective for unreliable reactionary rumor-mongering: EdBotting!
Kewlz.
Sophos does the job!
This from MacWorld.com....see if you have it.
"...Launching Activity Monitor in your Applications folder, choose All Processes from the drop-down menu. Look for the name of the app in the Process Name column—in addition to Mac Defender, the malware also goes by MacSecurity and MacProtector—and click to select it. Click the Quit Process button in the top left of Activity Monitor, and select Quit from the resulting menu. Then you can quit Activity Monitor, go to your Applications folder, find the offending Mac Defender app, and drag it to the trash."
Best
P.S. I bet no one who frequents AI has it. Fingers crossed, all the same, though!
It just amazes me how these malware/virus developers can go through so much work to make the app look "official" and put in fancy graphics and such, and yet still be unable to get their grammar / spelling in check.
I have come upon similar websites that "scan" my Windows systems for viruses. I have been on OSX since its beta release.