 

“MacDefender” malware

Euan Williams
Intego Anti-virus reports a new Trojan Horse for Macs running browsers when preferences are set to permit automatic opening of ‘Safe Files’ after downloading.

It masquerades as an anti-malware application, and can only penetrate into your system if you cooperate with its strategy by providing the correct Google search term and then manually clicking Admin. buttons in the Installer window. As it uses the Installer, the risk is classed as “low” -- for savvy users.

"MACDefender" has nothing to do with the MacDefender geocaching website.

Details and good practice are here:.

and here:.

A mildly inconvenient avoidance tactic would be to disable “open safe files automatically” in browser preferences.

Mark Allen’s open source ClamXav (contribution-ware) is a free download for people nervous about dealing with malware -- always update the definitions regularly.

> www.ClamXav.com <

Re: “MacDefender” malware

Eric Jervis
I had experience of this. My granddaughter plays on a site called Woozworld, and for a week or so when she went to bed and I clicked the page away there was a MACdefender advert lurking behind it. Fortunately I've trained her never to download anything, and thanks to Euan's advice I've now disabled 'open safe files automatically' and lo and behold the problem has gone away. I've done the same thing with my daughter's 'new' MacBook delivered today.

Re: “MacDefender” malware

Mick Burrell
I've helped someone who fell for it! It seems straightforward to remove. He phoned me when he was asked to buy software for $59! So I charged him $60 ;-) Just joking!

Eric - why not set up a Standard (i.e. not administrator) account for your granddaughter? Standard accounts cannot install anything.

Re: “MacDefender” malware

Eric Jervis
I might well do that, Mick, because I spoke too soon; the damn thing is back again and it's not that one at all, it's called MacKeeper!

Re: “MacDefender” malware

Mick Burrell
I don't know but I wouldn't mind betting it's all part of the same one. It's known broadly as MacDefender but this afternoon I removed MacProtector so I expect they're changing the name to try to keep ahead!

Re: “MacDefender” malware

Eric Jervis
What absolute bounders!

Re: “MacDefender” malware

Euan Williams
MacWorld has just reported a Java-based botnet that can affect OSX as well as Windows. Detail is scarce so far, but it seems one has to have the "Java Runtime Environment" installed and be on-line for it to work:
Report.

I'm no programmer, but maybe one of our experts would like to comment?

Re: “MacDefender” malware

Euan Williams
Useful discussion and references about the state of Mac Malware is here.

Re: “MacDefender” malware

Euan Williams
Tuesday evening Apple posted this support page for avoidance or removal of this malware.

Re: “MacDefender” malware

Euan Williams
Last night Apple posted a Security Update to deal with MacDefender and siblings (via Software Update); it is also referenced in this knowledgebase article.

From now on Apple will send (in the background) the key "signatures" of all the malware it knows of, daily, to any enabled Mac. The Security Update enables this, although users may opt out from the updates if they wish.

Re: “MacDefender” malware

Mark Ford
Here is some vid of the malware being installed.
The small window just appears while a Google search is going on.

Re: “MacDefender” malware

Euan Williams
Thanks Mark, if that isn't a wake up video, what is!

OSX Daily and MacWorld offer updates on the automatic security downloads from Apple. It seems that these don't always start automatically even though your system preferences > security > general dialogue says that this choice has been made.

The OSXDaily artile is here

Read the article for information and the Terminal code (copy, paste into terminal -- quite safe and un-frightening) to check what is happening, then uncheck and recheck the system preference choice. Test with the Terminal code again to confirm.

Re: “MacDefender” malware

Euan Williams
Sorry, 'artile' should read: article ;-)
 