toggle

AAPL Stock: 562.29 ( -3.03 )

'MACDefender' malware targets Mac users via web links

updated 12:10 pm EDT, Mon May 2, 2011

Attack dependent on user gullibility


A new piece of malware called MACDefender is currently targeting users of Mac OS X, says security firm Intego. The exploit begins with a person clicking on a link to a malicious site with special embedded JavaScript code. The code triggers a ZIP file download; if a browser like Safari is set to open downloaded files automatically, people are then presented with an installer interface.

Mitigating the seriousness of the threat is that the malware requires people to accept installation and provide an administrator password. It is also possible to disable automatic launch of downloaded files, assuming the option has been turned on in a browser in the first place. Apple support forum posters observe that it's possible to scrub the malware by killing processes in Activity Monitor and then dragging MACDefender from the Applications folder to the Trash.

The software coincidentally shares a name with a small company responsible for two apps, GCStatistic and DTmatrix. The outfit denies any association with the malware. "I would never release an application named like this," MacDefender's operator says.


by MacNN Staff

print
email
(6)

TAGS :

 security, troubleshooting, software, Safari

Related Articles

Recent Articles

toggle

Comments

  1. ricardogf

    Fresh-Faced Recruit

    Joined: Jan 2003

    +5
    05/02, 03:04pm | report spam | Reply |

    Huh?

    So let me get this straight:

    1 - I must search for something on the Internet that leads me to that link (probably suspicious already);
    2 - Javascript, IF activated, will start downloading a file, even though such a process can be stopped in the Safari downloads window;
    3 - The suspicious ZIP file MUST be opened;
    4 - I must then OPEN the unzipped suspicious file, which will then lead me to a suspicious installer;
    5 - I must AUTHORIZE the computer to install the suspicious file by providing my password;
    6 - EVEN after doing all that, I can just kill processes and delete the file so that all is fine again.

    And people still wanna call that "virus" or "malware"? Gimme a break! I've got a lot more damage from script kiddies who once sent me a disguised terminal command as a PDF file. This is a non-issue...

  1. DA360

    Fresh-Faced Recruit

    Joined: Dec 2009

    0
    05/02, 04:33pm | report spam | Reply |

    It has to be installed...

    Like the rest of the EXTREMELY few Mac OS X, Unix, or Linux viruses, they have to be installed or they require your admin password to take effect. Aka, you have to be completely unaware or be (a lack of better terms) stupid to get infected by a virus on a Mac.

  1. gskibum3

    Fresh-Faced Recruit

    Joined: Nov 2006

    +5
    05/02, 06:10pm | report spam | (1 reply) Reply |

    comment title

    Oh believe me I know a couple of users that would fall for this.

    In fact I'm directing them to this article now.

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    +3
    05/02, 06:36pm | report spam | Reply |

    Re: Huh?


    1 - I must search for something on the Internet that leads me to that link (probably suspicious already);

    No, you just need to open an infected web page. As you may know, there was what was described as a 'sql injection' exploit recently that allowed hackers to put scripts into other's web pages. Thus, it isn't going to "Really iffy web site", it's going to "some web site".

    2 - Javascript, IF activated, will start downloading a file, even though such a process can be stopped in the Safari downloads window;

    What do you mean "If activated"? Except for the paranoid few, no one disables javascript these days. So much of the wonderful new web 2.0/3.0 won't work without javascript. But, hey, if you want to dream, right.

    3 - The suspicious ZIP file MUST be opened;

    Um, no. The zip file automatically opens because, as we well know, Apple has "Automatically Open 'trusted' files" turned on by default in Safari.

    4 - I must then OPEN the unzipped suspicious file, which will then lead me to a suspicious installer;

    Again, no, the installer's finder window opens automatically.

    5 - I must AUTHORIZE the computer to install the suspicious file by providing my password;

    Yeah, because we all know Apple users would never enter their password when prompted. Nah. They're all too smart for that.

    6 - EVEN after doing all that, I can just kill processes and delete the file so that all is fine again.

    OK, now you're just being annoyingly thick-headed. Yes, you can do all that, assuming you realize you've just installed something you shouldn't have.

    However, these types of malware are not out to get YOU, since you're way too smart to fall for it. They're trying to get those who don't pay that much attention. You know, like how 90% of Windows PCs get infected. Some idiot clicking "Run" on something they shouldn't.

    And people still wanna call that "virus" or "malware"? Gimme a break! I've got a lot more damage from script kiddies who once sent me a disguised terminal command as a PDF file. This is a non-issue...

    Wait? So you're saying you've been infected with a piece of malware on your mac? Well then, turn in that computer, bud. You're not swift enough to use an Apple machine.

  1. tightzeit

    Fresh-Faced Recruit

    Joined: Jul 2006

    +1
    05/03, 08:25am | report spam | Reply |

    Re: Huh?

    Have to agree with Testudo here. I've had my wife - despite lengthy instruction - click on some stupid page that said 'You have spyware' or some c*** and accused me of putting a variety of things on her iMac.

    The vast and I mean vaaaaast majority of people that I know using computers don't know about these things, don't want to know about these things and very sincerely could care less about the 'you shoulda known better' attitude. They want to surf the net and be protected. They don't want an IT degree to do that. They don't want tech support to do that. They don't want to spend $50 per call to fix problem.

    This attitude that we're smart and they're just stupid alienates the end user which is mind-boggingly stupid and reminiscent only of attitudes of people who have a massive chip on their shoulder. They are the only reason you make a single cent and you need to respect that.

    The point is, people want to get into their car and turn it on without so much as a whinny, they want to swipe their iPod touch and have it work smoothly and flawlessly, they want the money they spend to be worth it. And it's the same with their computers.

    Despite what many dimwits will counter, this is where Apple spends its money. My many years on (windows based) PC's consumed many troubleshooting hours which I always did, I believed it was just normal.

    On my first Mac I regularly ran three CPU intensive apps simultaneously and while it crashed occasionally, it was nowhere near the several daily kind of experience I'd had trying to run just a single CPU intensive app at the same time.

    Sounds like fanboi c*** but I was and am a tightass and refused to spend what I saw as 'Wasted money on overhyped, under-supported c***'. But using OS9 at the time, which was far from stable, for just a month, completely changed my mind.

    Anyway, I went from saying 'never' to saying 'of course' despite the many pitfalls of Apple gear.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

 

Popular News