the8thark
3rd May 2011, 12:03 AM
New 'MACDefender' Malware Threat for Mac OS X
New 'MACDefender' Malware Threat for Mac OS X - Mac Rumors (http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/)

What do you all think?

Mac Ram
3rd May 2011, 09:51 AM
Ain't no AV against plain stupidity.

Even the screenshot shows the user has to install.

glacierdave
3rd May 2011, 10:55 AM
Got my first two infected Macs in the workshop now.

They tell me that they didn't see any admin password requester for the initial infection/install. Intego says it'll ask for an admin password to install but I saw a couple of other articles on the web this morning suggesting this may not occur (but providing no details).

Given that in the case of the infected computers they're being used by teens I suspect they got a password requester and went ahead and entered one to install...

David

Stez
3rd May 2011, 04:12 PM
Just don't click continue or enter your password.

http://verbswish.com/swishism/wp-content/uploads/2009/08/simples.bmp

zbaron
3rd May 2011, 05:06 PM
MACDefender? Is this some kind of ethernet level intrusion prevention system? If bad people out there want to attack the Mac, they should at least get the name right! :rolleyes:

nibbles
3rd May 2011, 05:12 PM
meh, when one can install itself and ruin my computer I might care but at the moment I won't enter my admin password unless I know what it's for, i.e. legal bought software.

Abaddon
5th May 2011, 12:58 PM
"Users are of course reminded that day-to-day system usage with standard accounts rather than administrator ones, as well as unchecking the Safari option for automatically opening "safe" files, are two of the simplest ways users can enhance their online security, adding extra layers of confirmation and passwords in the way of anything being installed on their systems."

Right there is all the anti-virus 'software' you need. It's fair to say that with the increased popularity of Apple products this sort of thing will increase, but as moto51 writes, until it can install itself bypassing admin security, then it's still more of a social engineering virus.

TheKeddi
5th May 2011, 03:00 PM
meh, when one can install itself and ruin my computer I might care but at the moment I won't enter my admin password unless I know what it's for, i.e. legal bought software.

Ditto, but I bet this flies around the computer world that Macs are now as bad as Windows :-(

harryb2448
14th May 2011, 07:29 AM
If you are using Safari go into Preferences > General and make sure the box 'Open safe downloads' is NOT selected. The default setting of opening so called 'safe' downloads is contributing to these malware problems.

Brains
14th May 2011, 08:25 PM
What with the huge surge in the number of cases of Win.FakeAV over the last few months, it doesn't surprise me one iota that it would appear on OSX. The infection vector for the Windows counterpart is almost always the same, and relies on social engineering -- someone posts a link to a video on your Facebook Wall, you click the link, you get a 100% authentic-looking alert saying you need an update to your Flash Player. Adobe seem to have updates for it every few weeks, so you naturally go "sigh, another one" and click to install. Within minutes, the Russian Mafia has hijacked your machine, blocking you from doing the most basic tasks, saying everything is "infected" and by ringing your credit card number through to buy the "antivirus" you can regain control. Of course, if you're silly enough to do that all that happens next is your credit card gets siphoned dry within ten minutes.

Tell everyone you know, doesn't matter if they're on OSX or Windows, if they're browsing -- especially if they're on Facebook -- and they get an alert saying something (such as Flash) needs updating, DO NOT CLICK! Instead, go to the website of the company that put up the update alert and check to see if there is an update, and if so, get it direct from the maker's site.

yagankiely
24th May 2011, 03:41 AM
legal bought software.

What of legal free software?

sirstaunch
26th May 2011, 04:12 PM
The next Apple update is meant to be ridding and stopping this so-called MacDefender: Apple Promises OS X Update to Delete Mac Defender Malware (http://www.macstories.net/news/apple-promises-os-x-update-to-delete-mac-defender-malware/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+macstoriesnet+%28MacStories%29)

torana355
26th May 2011, 04:37 PM
This actually got downloaded on my Mac and when I saw it I laughed and deleted the download. I was using Firefox so it did not try to open automatically. You really have to have no idea to get hit with things like this.

snark
26th May 2011, 08:35 PM
This has made me think about AV for my MBP, especially as the most recent variant doesn't need your admin password to install itself. I think it's only a matter of time before someone puts together a drive-by exploit with a really nasty payload and plonks it on a million web servers.

This Macworld article seems to be well thought out: Mac Defender: Pay attention but don't panic | Antivirus & Security | Macworld (http://www.macworld.com/article/160098/2011/05/macdefender.html#lsrc=twt_macworld)

glacierdave
27th May 2011, 07:32 AM
In my RSS feeds yesterday it was mentioned (I think it was TUAW) that there's now a MacDefender variant that doesn't require you to enter a password. Payload is still basically a credit card con but infection now easier...

My workshop has seen a fair number of infections now. Easily cleaned up but they're there.

At the moment, my concern with AV for Mac is that AV for Win traditionally does fairly badly at protecting from this type of threat anyway so I'm not convinced AV for Mac would do any better.

Gotta say, I was a little surprised at the number of infections considering the infection method.

David

GrantR1961
27th June 2011, 09:37 PM
The next Apple update is meant to be ridding and stopping this so-called MacDefender: Apple Promises OS X Update to Delete Mac Defender Malware (http://www.macstories.net/news/apple-promises-os-x-update-to-delete-mac-defender-malware/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+macstoriesnet+%28MacStories%29)

Yes the next update addresses this.

Just updated to 10.6.8; the first reason to upgrade was to prep the App Store for Lion, but one of the others was to Delete MacDefender.