Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,279
30,341



094840-macdefender.jpg


Antivirus firm Intego today noted the discovery of new malware known as "MACDefender" targeting Mac OS X users via Safari. According to the report, the malware appears to be being deployed via JavaScript as a compressed ZIP file reached through Google searches.
When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open "safe" files after downloading in Safari, for example), will open.
More information is available in Apple's support communities (1, 2), where users report that the malware is popping up directly in Google image searches.

Users running administrator accounts and with the Safari option to open "safe" files automatically checked appear to be most at risk, with some claiming that no notification of installation was seen or password required. Only when a screen popped up asking for a credit card number to sign up for virus protection did they realize that malware had been installed on their systems.

For those infected with the MACDefender malware, the following steps are recommended:

1. Open Applications > Utilities > Activity Monitor and quit any processes linked to MACDefender.

2. Delete MACDefender from the Applications folder.

3. Check System Preferences > Accounts > Login Items for suspicious entries

4. Run a Spotlight search for "MACDefender" to check for any associated files that might still be lingering.

Full details on the malware and the simplest steps needed for its complete removal are still being investigated.

Users are of course reminded that day-to-day system usage with standard accounts rather than administrator ones, as well as unchecking the Safari option for automatically opening "safe" files, are two of the simplest ways users can enhance their online security, adding extra layers of confirmation and passwords in the way of anything being installed on their systems.

Article Link: New 'MACDefender' Malware Threat for Mac OS X
 

bigcat318

macrumors 6502
Dec 25, 2007
377
138
I have noticed pop-ups about this appearing recently. It's usually the type where your only option is to click OK on a small window and then it opens a full window about 'MACDefender' and tries to get you to download it.
 

MisterMe

macrumors G4
Jul 17, 2002
10,709
69
USA
WOW! Malware that requires the user to do a Google search, then download, and install. For all of this, it asks for your credit card number.

How can we ever defend our computers against such a diabolical threat?!
 

Santabean2000

macrumors 68000
Nov 20, 2007
1,881
2,002
Annoyingly this type of thing will become all too common. Damn Apple and their great products, making themselves popular and that.

I liked the security through obscurity world we've come from...
 

ElCidRo

macrumors 6502
Aug 29, 2010
302
158
so much for the no malware on macs myth :D
funny how the apple fanboys are getting all defensive :rolleyes:
 

bf2008

macrumors regular
May 28, 2008
100
74
Safe attachments?

As I understand it, Safari will open the zip file since it's a "safe" download. But that doesn't mean it'll execute the code within that zip file, so how is this malware executing without user permission?
 

KnightWRX

macrumors Pentium
Jan 28, 2009
15,046
4
Quebec, Canada
WOW! Malware that requires the user to do a Google search, then download, and install. For all of this, it asks for your credit card number.

How can we ever defend our computers against such a diabolical threat?!

Hum, download and install are automatic. Good thing I don't use Safari.


As I understand it, Safari will open the zip file since it's a "safe" download. But that doesn't mean it'll execute the code within that zip file, so how is this malware executing without user permission?

I haven't seen this malware first hand, but a zip file can be made with absolute paths, making "unzipping" the file put everything where it needs to be to start up automatically on next log in/reboot.

Who's the brainiac who made zip files "safe" ?

so much for the no malware on macs myth :D
funny how the apple fanboys are getting all defensive :rolleyes:

No viruses on the Mac. There's been malware for OS X for quite a while now.
 

madrag

macrumors 6502
Nov 2, 2007
371
92
another good reason not to have safari open files/consider them safe.

Also, doesn't it warn you that you're about to open a file downloaded?
 

reel2reel

macrumors 6502a
Jul 24, 2009
627
46
4. Run a Spotlight search for "MACDefender" to check for any associated files that might still be lingering

That's a sure way *not* to find any related files.
 

kolax

macrumors G3
Mar 20, 2007
9,181
115
I don't believe this can install without user intervention? Even the screenshot shows you need to click continue.
 

r.j.s

Moderator emeritus
Mar 7, 2007
15,026
52
Texas
so much for the no malware on macs myth :D
funny how the apple fanboys are getting all defensive :rolleyes:

There has been malware for years, and IIRC, it all requires the user to do something to install it.

Basic user awareness will prevent this from becoming an issue.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.