
Printed from http://www.macnn.com

'MACDefender' malware targets Mac users via web links

updated 12:10 pm EDT, Mon May 2, 2011

Attack dependent on user gullibility

A new piece of malware called MACDefender is currently targeting users of Mac OS X, says security firm Intego. The exploit begins with a person clicking on a link to a malicious site with special embedded JavaScript code. The code triggers a ZIP file download; if a browser like Safari is set to open downloaded files automatically, people are then presented with an installer interface.

Mitigating the seriousness of the threat is that the malware requires people to accept installation and provide an administrator password. It is also possible to disable automatic launch of downloaded files, assuming the option has been turned on in a browser in the first place. Apple support forum posters observe that it's possible to scrub the malware by killing processes in Activity Monitor and then dragging MACDefender from the Applications folder to the Trash.
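A quick triage for the two conditions described above, added here as an example (it is not from MacNN, Intego or Apple). It assumes Safari stores the auto-open option under the preference key `AutoOpenSafeDownloads` in the `com.apple.Safari` domain, that an unset key means the option is still on, and that the app bundle name contains "macdefender" in any letter case.

```shell
#!/bin/sh
# Added example: check the Safari auto-open setting and look for the app bundle.
# Assumptions: preference key AutoOpenSafeDownloads (domain com.apple.Safari);
# bundle name contains "macdefender", matched case-insensitively.

# Map a raw preference value to a verdict. An unset (empty) value is
# treated as enabled, on the assumption that the option defaults to on.
auto_open_verdict() {
    case "$1" in
        0|false|NO|no) echo "disabled" ;;
        *)             echo "enabled" ;;
    esac
}

# Read the live setting; report "unknown" where `defaults` is unavailable.
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo "unknown"; return 0; }
    auto_open_verdict "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)"
}

# List matching .app bundles at the top level of each folder given.
find_bundles() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -iname '*macdefender*.app' 2>/dev/null
    done
}

# Print a short report; exit status 1 means a matching bundle was found.
triage() {
    echo "Safari auto-open of downloads: $(safari_auto_open)"
    hits=$(find_bundles /Applications "$HOME/Applications")
    if [ -n "$hits" ]; then
        echo "Matching app bundle(s):"
        echo "$hits"
        return 1
    fi
    echo "No matching app bundle found"
}

# Usage: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then
    triage
fi
```

If the setting reports "enabled", it can be turned off in Safari's General preferences by unticking the option to open "safe" files after downloading.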

The software coincidentally shares a name with a small company responsible for two apps, GCStatistic and DTmatrix. The outfit denies any association with the malware. "I would never release an application named like this," MacDefender's operator says.




by MacNN Staff


Comments

  1. ricardogf

    Joined: Dec 1969

    +5

    Huh?

    So let me get this straight:

    1 - I must search for something on the Internet that leads me to that link (probably suspicious already);
    2 - Javascript, IF activated, will start downloading a file, even though such a process can be stopped in the Safari downloads window;
    3 - The suspicious ZIP file MUST be opened;
    4 - I must then OPEN the unzipped suspicious file, which will then lead me to a suspicious installer;
    5 - I must AUTHORIZE the computer to install the suspicious file by providing my password;
    6 - EVEN after doing all that, I can just kill processes and delete the file so that all is fine again.

    And people still wanna call that "virus" or "malware"? Gimme a break! I've got a lot more damage from script kiddies who once sent me a disguised terminal command as a PDF file. This is a non-issue...

  1. DA360

    Joined: Dec 1969

    0

    It has to be installed...

    Like the rest of the EXTREMELY few Mac OS X, Unix, or Linux viruses, they have to be installed or they require your admin password to take effect. Aka, you have to be completely unaware or be (a lack of better terms) stupid to get infected by a virus on a Mac.

  1. gskibum3

    Joined: Dec 1969

    +5

    comment title

    Oh believe me I know a couple of users that would fall for this.

    In fact I'm directing them to this article now.

  1. testudo

    Joined: Dec 1969

    +3

    Re: Huh?


    1 - I must search for something on the Internet that leads me to that link (probably suspicious already);


    No, you just need to open an infected web page. As you may know, there was what was described as a 'sql injection' exploit recently that allowed hackers to put scripts into others' web pages. Thus, it isn't going to "Really iffy web site", it's going to "some web site".

    2 - Javascript, IF activated, will start downloading a file, even though such a process can be stopped in the Safari downloads window;

    What do you mean "If activated"? Except for the paranoid few, no one disables javascript these days. So much of the wonderful new web 2.0/3.0 won't work without javascript. But, hey, if you want to dream, right.

    3 - The suspicious ZIP file MUST be opened;

    Um, no. The zip file automatically opens because, as we well know, Apple has "Automatically Open 'trusted' files" turned on by default in Safari.

    4 - I must then OPEN the unzipped suspicious file, which will then lead me to a suspicious installer;

    Again, no, the installer's finder window opens automatically.

    5 - I must AUTHORIZE the computer to install the suspicious file by providing my password;

    Yeah, because we all know Apple users would never enter their password when prompted. Nah. They're all too smart for that.

    6 - EVEN after doing all that, I can just kill processes and delete the file so that all is fine again.

    OK, now you're just being annoyingly thick-headed. Yes, you can do all that, assuming you realize you've just installed something you shouldn't have.

    However, these types of malware are not out to get YOU, since you're way too smart to fall for it. They're trying to get those who don't pay that much attention. You know, like how 90% of Windows PCs get infected. Some idiot clicking "Run" on something they shouldn't.

    And people still wanna call that "virus" or "malware"? Gimme a break! I've got a lot more damage from script kiddies who once sent me a disguised terminal command as a PDF file. This is a non-issue...

    Wait? So you're saying you've been infected with a piece of malware on your mac? Well then, turn in that computer, bud. You're not swift enough to use an Apple machine.

  1. tightzeit

    Joined: Dec 1969

    +1

    Re: Huh?

    Have to agree with Testudo here. I've had my wife - despite lengthy instruction - click on some stupid page that said 'You have spyware' or some c*** and accused me of putting a variety of things on her iMac.

    The vast and I mean vaaaaast majority of people that I know using computers don't know about these things, don't want to know about these things and very sincerely could care less about the 'you shoulda known better' attitude. They want to surf the net and be protected. They don't want an IT degree to do that. They don't want tech support to do that. They don't want to spend $50 per call to fix a problem.

    This attitude that we're smart and they're just stupid alienates the end user which is mind-bogglingly stupid and reminiscent only of attitudes of people who have a massive chip on their shoulder. They are the only reason you make a single cent and you need to respect that.

    The point is, people want to get into their car and turn it on without so much as a whinny, they want to swipe their iPod touch and have it work smoothly and flawlessly, they want the money they spend to be worth it. And it's the same with their computers.

    Despite what many dimwits will counter, this is where Apple spends its money. My many years on (windows based) PC's consumed many troubleshooting hours which I always did, I believed it was just normal.

    On my first Mac I regularly ran three CPU intensive apps simultaneously and while it crashed occasionally, it was nowhere near the several daily kind of experience I'd had trying to run just a single CPU intensive app at the same time.

    Sounds like fanboi c*** but I was and am a tightass and refused to spend what I saw as 'Wasted money on overhyped, under-supported c***'. But using OS9 at the time, which was far from stable, for just a month, completely changed my mind.

    Anyway, I went from saying 'never' to saying 'of course' despite the many pitfalls of Apple gear.
