ClamXav has contained definitions for MACDefender and related variants for over a week. This list shows all the Mac malware detected by ClamXav.

Use ClamXav's Sentry feature to real-time scan ~/Downloads, ~/Library/Mail, and ~/Library/Mail Downloads. See the links in my sig for more Mac security tips.

This is the prompt that appears when MacProtector is detected:
 

[Attachment: Screen shot 2011-05-18 at 11.09.21 PM.png]

Love the attitude of the people on here to potential threats, I guess they have been spoilt for way too long, just don't cry when you get stung in the future. The success of macs is going to result in more of these malware being targeted at macs


miles01110 said:
lol

10 years and finally a malware attack.

Still unreal.

:D

Actually there's been malware for OS X since it was introduced. There is malware for every operating system.

Nothing can defend against user stupidity.

Or ignorance that they are completely safe cause they own a mac....


An app??? Been using iPhone too long?
 
Love the attitude of the people on here to potential threats, I guess they have been spoilt for way too long, just don't cry when you get stung in the future. The success of macs is going to result in more of these malware being targeted at macs

Want to read something funny? Check this out!

An app??? Been using iPhone too long?

Executable file extension in Windows is ".exe".

Executable file extension in Mac OS X is ".app". So app applies to both iPhone and OS X.
 
Easy 30 second removal. Nothing like a Windows virus.

Took Mac Defender off in only a few seconds thanks to videos like that. Stop the process in Activity Monitor. Trash the application. Remove it in the startup items for good measure.
 
Love the attitude of the people on here to potential threats, I guess they have been spoilt for way too long
No, we're not "spoilt", we're simply well-informed enough to know that people have been crying "wolf!" about viruses for Macs for 10 years, and not one has appeared. We're also well-informed enough to practice safe computing habits, such as not installing pirated software or blindly installing anything that pops up.
... just don't cry when you get stung in the future.
What makes you think we'll be "stung" if we follow the same safe computing habits that we've been recommending? Are you naive enough to think that some antivirus app will protect you from a virus that doesn't yet exist?
The success of macs is going to result in more of these malware being targeted at macs
The market share theory is hogwash. It doesn't hold water. Read a few of these virus threads and you'll learn a lot!
Or ignorance that they are completely safe cause they own a mac....
Who said Macs are completely safe? Before spouting off nonsense, read the Mac Virus/Malware Info link I've posted in most of these virus threads, most recently in post #294 of this thread.
 
No, I'm making an assumption that fanboys are voting down all the anti-Apple posts in droves. Whether they have posted in the thread is completely irrelevant. The point is you don't see people voting in droves for logical posts, but you do see negative votes in any post that speaks either for Microsoft or against Apple, regardless of the content of that message. That implies emotional reaction which implies fanaticism. You can argue semantics, but 1+1 still equals 2. Sherlock Holmes didn't have to do a poll to figure things out.



That sounds like a huge number, but it counts repeat viewings of the thread. There are both fewer posters (than 240) and fewer viewers (than 21,900) in totality. There is no way to discern how many stopped reading at the first page either. There is also a tendency for more voting towards the beginning of the thread than the end here, clearly indicating a strong possibility of posters unsubscribing and/or losing interest in the thread as time goes on. Evidence points towards logical trends and tendencies, not exact numbers.



You're right. You could just be stubborn.



I did do a search and hence the 2009 numbers of 25 million going to 75 million by 2009 (so 100 million is a fair estimate for 2011), but the article specifically stated the increase was largely due to the iPhone/iPod Touch. It gave no breakdown of Macs. The last iPhone numbers I saw were around 30 million some time ago and that didn't include iPads, so it may be well over 100 million now including them.



I've seen statistics on percentages of Firefox users relative to PPC and it was like 1 out of 28, if I recall correctly or about 3.5 per 100 users. If we assume 40 million Intel users for the moment, that would mean there are only a little over 1.4 million active PPC computers (not the same as users since many people own more than one Mac or Mac-capable system; I own 3 for example). So that would mean over 94% of PPC users have upgraded to PPC. I don't think it's quite that high; statistics are measured over time and non-use of a machine you do own (let alone one using multiple operating systems in the case of Intel) can skew the results. But even if I were to assume 25% of the PPC machines from 2007 and earlier are still in use (unlikely given attrition over the years; total sales of PPC isn't the same as active PPC machines; so when one says "installed" that doesn't mean they're still in use) that would still mean over 18 million PPC machines are no longer being actively used out of the 25 million total sold from 2007. Thus, your total Mac user base with 40 million Intels assumed would be 47 million total (add more for more Intels sold; surely that figure is known to at least Apple minus any losses from computers blowing up). But then again, that's not 47 million USERS, necessarily. If the average Mac owner has 2 Macs, for example, that's then only 23.5 million users out there. So the true number of people (that Internet thieves have to potentially plunder) on the Mac is somewhere between 20-35 million at best, IMO not counting iOS devices.

Now you may think 27 million users to plunder is a big number, but compare that to Windows users (probably around a billion at this point which also includes many of the Macs since they also now can run Windows, creating even less incentive to bother with a Mac), it's a pretty small piece of the pie.

Now I am not saying that those statistics are "the" reason why the Mac has so little Malware and no viruses, but I am saying that you cannot totally dismiss it as a factor for at least a fair part of it. It could be 95% Unix security + foreign OS (as in foreign to the average hacker who runs Windows) and only 5% "why bother", but as the installed base of Mac users increases that "why bother" factor becomes "let's bother" instead. After all, it will only take one bad situation to cause a problem. There's usually a first for everything. Let's see what happens if/when the Mac user base reaches 100 million. iOS is tougher because it's closed, but it's more likely to be targeted in areas like browsing. You also cannot dismiss individual pieces of software with poor security (e.g. Safari regularly gets hacked during contests). Just because those were controlled conditions, it doesn't mean it couldn't be used in a more volatile situation. But is there an incentive? Clearly, there was an incentive to find one when money was offered.




No, I don't think I have. You're operating based on assumptions that because it hasn't happened in a meaningful way that it cannot happen and I think that is a false sense of security paramount to emotional fanaticism. Unlikely? Probably. Never? I wouldn't bet on it.
Interesting perspective.
 
Close to cussing

:mad: :mad:

Now you may think 27 million users to plunder is a big number, but compare that to Windows users (probably around a billion at this point which also includes many of the Macs since they also now can run Windows, creating even less incentive to bother with a Mac), it's a pretty small piece of the pie.

This kind of stuff really irritates me and every time I hear any sort of "security by obscurity" argument I want to punch my monitor. It is completely devoid of any kind of logic or even the tiniest amount of thought. I know you said it isn't "THE" reason, but to even think it is "one" of the reasons makes no sense.

Let's just think about it logically for a second. If you are a bad guy, a malware writer or someone who wants to steal/make money off of others via the Internet, are you telling me that you would totally ignore 27 million users? ESPECIALLY when 95% of those users have no virus/malware detection and have security threats so far from their minds as to never think about them?

If your 27 million user guess were accurate (and I think it is low), and 25% of Mac users were protected through AV software (and that number is outrageously high), you are still looking at 20 million users just sitting out there waiting to be had. Do you honestly think someone would ignore that market? For crying out loud, people rob convenience stores that they know have under $200 in the till, but you think web bad guys are going to ignore 20 million unprotected users because they aren't the biggest fish in the sea? That would be like Amazon deciding to only sell hip-hop music to white people because minorities are a smaller % of the population, even though the minorities would be much easier to make a sale to.

That is plain nuts, and anyone who thinks Macs have been safe because they are only 8% of the market is hopeless to have any rational discussion with. The person who makes a serious security threat to OS X would either be rich or famous overnight (and maybe both). If someone could take advantage of that opportunity, they would.
 
:mad: :mad:

This kind of stuff really irritates me and every time I hear any sort of "security by obscurity" argument I want to punch my monitor. It is completely devoid of any kind of logic or even the tiniest amount of thought. I know you said it isn't "THE" reason, but to even think it is "one" of the reasons makes no sense.

And every time I see some stupid reply that insists it's not a factor at all I want to laugh my arse off. :p

Some people seem to think the Mac is magically protected by some Unix spell, but the truth is most people don't know Unix from a hole in the ground in the first place. They wouldn't know HOW to do it in the first place and they sure as heck aren't going to go to all the effort to learn it for a TINY TINY fraction of the marketplace (I mean overall installed users; the Mac barely even registers a blip there, 7% is overly optimistic IMO). Besides, even if it is far more difficult to write a virus for the Mac due to Unix, that's not how most users get trapped in the real world anyway. All forms of Trojans, Malware, Spyware, Adware, etc. are out there and they could just as easily be written for the Mac. It doesn't take a genius to make a trojan. They are almost as easy as a phishing scheme to create. So why are there only a few trojans for the Mac???? OBSCURITY, that's why. WTF cares about making a Mac backdoor trojan designed to steal personal information for 1% of the market, when you could get 99% for the exact same effort in Windows (and many Mac users also boot Windows so they could snag some of them as well)? Do you invest all your money in 0.05% returns or do you go for 4-10% or more? Only a stupid thief robs a poor man.

But you say there's no 'logic' in it. I say there's a LOT of logic in my argument and that you are basing your 'argument' on hearsay and your imagination. Do you have actual PROOF that obscurity plays NO part whatsoever in the lack of malware for the Mac? No, you don't have any causation at all. You are making assumptions.

Let's just think about it logically for a second. If you are a bad guy, a malware writer or someone who wants to steal/make money off of others via the Internet, are you telling me that you would totally ignore 27 million users?

If I can snag maybe 1 out of 100,000 users with a trojan scam designed to make me money, what kind of take am I going to get with the Mac? If I assume 27 million actual active users (not machines sold), simple math tells me I might get around 270 people to fall for the trojan and give up useful personal information to a thief. If I take the same EFFORT on a Windows machine and with a BILLION + users out there (many in all walks of life, foreign countries, etc.) simple math tells me I'm going to get 10,000+ users. Even if you assume 1 out of 1000 users would fall for it, it would be 27,000 users falling victim versus 1 MILLION users on the PC. I'd rather make enough to retire than eke a living, personally, but you're telling me there's NO logic in it, whatsoever. The math tells me otherwise.

But let's look at OS9 versus Windows and Amiga, AtariST, etc. No one is saying viruses were impossible to make for OS9 or the Amiga, etc. They did exist. I belonged to a computer user group back then. We traded software at every meeting. I got viruses on many occasions that had to be removed before running. But compared to the PC, the viruses were NOTHING. Why was that? Because it was hard/impossible? NO, it's because most Amiga users didn't have hard drives (to store a problem past a hard reset) and weren't likely to have valuable information to steal so it wasn't worth their time and effort compared to a PC. It didn't account for ALL the reasons not to write a virus (i.e. there were some out there), but there were one hell of a lot more for the PC!

But you don't find that logical. You think no one can target a Mac. This trojan is just a program with a stupid name on it. It doesn't use security of the OS. It uses gullibility and ignorance. These things could be made in HUGE numbers for the Mac EASILY. But why aren't they? There are endless trojans on the PC, usually infested with some kind of key logger designed to steal identities or other useful personal information. It cannot be because Macs have a magic shield because no magic shield is used with trojans! They work purely on ignorance. It's because of the statistics above! You can make a lot more money fishing in an Aquarium loaded with fish (shooting fish in a bucket) than some remote frozen stream.

So while YOU may not believe obscurity is a 'factor' in all this, I know simple math tells me it HAS to be one component, even if it's not the primary one (in the case of viruses). What other Unix system is out there worth bothering with? Linux users are even more obscure. Unix-based servers OTOH are quite lucrative. They get 'hacked' all the time (often large credit card sites, etc.). The Mac has MORE security holes than Windows7 according to most security experts. But by your logic, these guys should risk getting caught going after your home computer instead of Capital One or whatever.... (and I say Capital One because I got a notice one time they had been compromised and were issuing new cards because they got hacked).

ESPECIALLY when 95% of those users have no virus/malware detection and have security threats so far from their minds as to never think about them?

See above about trojans. I honestly don't think you've thought about the numbers at all. Just sitting there waiting to be had doesn't apply well to trojans and a smart thief isn't going to choose making $30,000 over $30 MILLION. And dumb thieves probably don't know how to even make a trojan.
 
I just watched a YouTube clip showing how the software installs, so I find it very strange that a piece of unknown software tries to install and idiots just allow it to without question; especially after it claims they are infected with more than a handful of Trojans and viruses, that in itself should raise alarm bells.

So all I can say to people who are infected is LOL
 
And every time I see some stupid reply that insists it's not a factor at all I want to laugh my arse off. :p

[snip long-winded but logic-free reply]

Lots of words there, none of which offer any sensical rebuttal. The "security by obscurity" myth has been disproven more times than I care to remember during the past ten years. The most significant factor to remember? Mac OS 9 and earlier had far smaller marketshare, but had somewhere on the order of 1000% more malware, including viruses and other forms of malware that have yet to ever show up on Mac OS X.

Laugh all you want, but you're known to be wrong.

jW
 
(I mean overall installed users; the Mac barely even registers a blip there, 7% is overly optimistic IMO).

If I assume 27 million actual active users

If I take the same EFFORT on a Windows machine and with a BILLION
Let's see: "overall installed users" "7%" "Windows" "a BILLION"

27 million is roughly 7% of a billion? Must be the "new math"! LOL! :rolleyes:
 
Lots of words there, none of which offer any sensical rebuttal.

You can think whatever the heck you want. That doesn't mean you're right.

The "security by obscurity" myth has been disproven more times than I care to remember during the past ten years. The most significant factor to

It hasn't been disproven once. You cannot prove a negative that cannot be tested. Look into it. Or did I miss some all-inclusive polls that asked thieves why they didn't bother to write malware for the Mac?

You also ignore the fact that trojans don't require any security or OS exploits to be written. This MacDefender thing is just a "click here to install our credit card thieving scheme program". The Mac could easily have thousands of these because they're EASY to write. There ARE thousands on the PC. Why is that? Because Unix/OSX magically somehow protects you??? :rolleyes:

You disprove your own statements.

remember? Mac OS 9 and earlier had far smaller marketshare, but had

You seem to be confusing total number of computers with market share dude. The Mac had its highest market share in the late '80s and early 90's (16-20% by most estimates at its highest). It's now at somewhere between 3-8% depending on the source. Back then, most 'viruses' were designed to play tricks on computers (hackers having fun). Today, it's about making MONEY. There is NO money in a small pond when a giant pond is sitting nearby. You can argue all day long about viruses, but things like Trojans are JUST as easy to make for the Mac as the PC and yet you don't see too many. I'd LOVE to hear why you think that is if it's not market share. Not all malware is a virus dude.

Laugh all you want, but you're known to be wrong.

I don't laugh at ignorant statements. I laugh at stupid ones.

Let's see: "overall installed users" "7%" "Windows" "a BILLION"

27 million is roughly 7% of a billion? Must be the "new math"! LOL! :rolleyes:

We have another winner. :rolleyes:

Apparently, you like to quote things out of context, which just makes your posts look ridiculous. Look back a few pages. Installed machines is NOT the same as installed users and that was an estimate based on a statement in another post. 70 Million would be 7% and doesn't take into account lost PPC users (installed doesn't mean 'still used'). How many of those users have purchased more than 1 Mac over the past 10 years??? Most Mac users on here seem to buy a new machine every 2-3 years on average, some sooner. Many own more than one machine at a time as well. Given such, I think 27 million USERS is pretty optimistic. Your mileage may vary.
 
Apparently, you like to quote things out of context, which just makes your posts look ridiculous. Look back a few pages. Installed machines is NOT the same as installed users and that was an estimate based on a statement in another post. 70 Million would be 7% and doesn't take into account lost PPC users (installed doesn't mean 'still used'). How many of those users have purchased more than 1 Mac over the past 10 years??? Most Mac users on here seem to buy a new machine every 2-3 years on average, some sooner. Many own more than one machine at a time as well. Given such, I think 27 million USERS is pretty optimistic. Your mileage may vary.
All of the numbers you quote are based on your own assumptions, none of which are proven to have any basis in fact. You're making it up as you go along. :rolleyes:
 
Attacked again..

About two weeks ago I ran into this malware while Google Image searching on Safari. It automatically downloaded and opened the installer because Safari interpreted it as a "safe file". Here is what I posted https://forums.macrumors.com/threads/1148827/

Just moments ago, I was on MTV.com, browsing through and while on MTV.com (a site that I consider to be a "safe" site) it redirected my page to the fake finder page flashing that I have x # of viruses and automatically downloaded the "anti-malware.zip" file, without the "Ok" or "Cancel dialogue". I was using Chrome and it didn't automatically open the installer. I immediately deleted the zip, and emptied the trash. I unchecked the option on Chrome to automatically download files to my downloads folder.

I understand if this malware issue came across if the user was on a porn site or a pirated music, movie, software, etc site, but it is scary how this malware appears when users are on a "safe" site such as MTV.com
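
The posts above describe a zip archive landing in the downloads folder without a prompt and, with Safari's "safe files" option on, its installer being opened. As an added example (not code from any poster in this thread), this Python script lists the zip archives in a folder that unpack to an installer package or app bundle; the archive contents and the `ExampleInstaller.mpkg` name are constructed sample data, and the suffix list is an assumption about what counts as an installer.

```python
import tempfile
import zipfile
from pathlib import Path

# Assumed list of suffixes meaning "this archive unpacks to something that
# installs or runs" on Mac OS X.
INSTALLER_SUFFIXES = (".pkg", ".mpkg", ".app", ".dmg")


def installer_members(archive: Path) -> list[str]:
    """Return the top-most installer/app-bundle paths inside a zip archive."""
    hits = set()
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            parts = Path(name).parts
            # .app and .mpkg are directories, so test every path component
            # and report only the outermost match.
            for depth, part in enumerate(parts):
                if part.lower().endswith(INSTALLER_SUFFIXES):
                    hits.add("/".join(parts[: depth + 1]))
                    break
    return sorted(hits)


def triage_downloads(folder: Path) -> dict[str, list[str]]:
    """Map each installer-bearing archive in `folder` to what it contains."""
    report = {}
    for path in sorted(folder.iterdir()):
        if not path.is_file():
            continue
        if not zipfile.is_zipfile(path):  # checks content, not the extension
            continue
        try:
            members = installer_members(path)
        except zipfile.BadZipFile:
            members = ["<unreadable archive>"]
        if members:
            report[path.name] = members
    return report


def build_sample(folder: Path) -> None:
    """Constructed sample data: one installer-bearing zip, one harmless zip."""
    with zipfile.ZipFile(folder / "anti-malware.zip", "w") as zf:
        zf.writestr("ExampleInstaller.mpkg/Contents/Info.plist", "<plist/>")
        zf.writestr("ExampleInstaller.mpkg/Contents/Packages/a.pkg", "x")
    with zipfile.ZipFile(folder / "holiday-photos.zip", "w") as zf:
        zf.writestr("photos/beach.jpg", "not really a jpeg")
    (folder / "notes.txt").write_text("plain file, ignored")


def demo() -> dict[str, list[str]]:
    """Run the triage over the constructed sample folder."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        build_sample(folder)
        return triage_downloads(folder)


if __name__ == "__main__":
    for archive, members in demo().items():
        print(f"{archive}: contains {', '.join(members)}")
```

Point `triage_downloads` at `Path.home() / "Downloads"` to review a real folder; a hit means the archive deserves a look before anything in it is opened, not that it is malicious.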
 
I understand if this malware issue came across if the user was on a porn site or a pirated music, movie, software, etc site, but it is scary how this malware appears when users are on a "safe" site such as MTV.com
The MacDefender threat has been well-documented to be encountered when doing Google searches and visiting "safe" sites like Yahoo, etc. As long as you follow the recommendations that have been posted dozens of times in numerous threads, such as the one you quoted, you'll be perfectly safe.
 
You can think whatever the heck you want. That doesn't mean you're right.

Nope. Being right means I'm right.

And you know what, I'm done with you. It's taking too much effort to resist blasting you for your arrogance and risking getting myself in trouble with the rules for language, so instead I'm just going to add you to my growing list of blocked users. Congratulations, now you can rail against nothing without bothering me!

jW
 
Since this thing requires both Safari and JavaScript, why don't you all just run Firefox with the NoScript add-on? I mean, it can't get you if it can't even run its scripts, can it? And it won't autorun even if it did download if you're using Firefox, will it?

Safari is a very unsecure browser. Apple got lazy on it. That's why I've not used it in years.
 
Since this thing requires both Safari and JavaScript, why don't you all just run Firefox with the NoScript add-on?

Or, you can turn off "Open safe files after downloading."

I mean, it can't get you if it can't even run its scripts, can it? And it won't autorun even if it did download if you're using Firefox, will it?

It can't get you unless you enter your password in the installer.
 
It can't get you unless you enter your password in the installer.

I've read reports that, if you have the open safe files thing on and you're running in an admin account, some variants will install themselves without any user intervention. Scary stuff if it's true.
 
About two weeks ago I ran into this malware while Google Image searching on Safari. It automatically downloaded and opened the installer because Safari interpreted it as a "safe file". Here is what I posted https://forums.macrumors.com/threads/1148827/

Just moments ago, I was on MTV.com, browsing through and while on MTV.com (a site that I consider to be a "safe" site) it redirected my page to the fake finder page flashing that I have x # of viruses and automatically downloaded the "anti-malware.zip" file, without the "Ok" or "Cancel dialogue". I was using Chrome and it didn't automatically open the installer. I immediately deleted the zip, and emptied the trash. I unchecked the option on Chrome to automatically download files to my downloads folder.

I understand if this malware issue came across if the user was on a porn site or a pirated music, movie, software, etc site, but it is scary how this malware appears when users are on a "safe" site such as MTV.com

Please report this to PhishTank.com since so many DNS registers rely on their reporting to block Trojan/virus web sites from DNS directing to page, or list the page so I can report it.
 
I got this BS from a yahoo front page site about vegetarians. Click here to see the slideshow and bam this pops up and something gets downloaded to my d/l folder. Check it here, I took a screenshot.

Deleted the zip that was d/l'd and closed out chrome.

*edit* I just watched the video above and I guess this is the MacDefender.. wow, interesting I got hit with this 3 days ago.. gonna double check make sure nothing went through.
 

[Attachment: Screen shot 2011-05-18 at 5.14.17 PM.png]
I got this BS from a yahoo front page site about vegetarians. Click here to see the slideshow and bam this pops up and something gets downloaded to my d/l folder. Check it here, I took a screenshot.

Deleted the zip that was d/l'd and closed out chrome.

*edit* I just watched the video above and I guess this is the MacDefender.. wow, interesting I got hit with this 3 days ago.. gonna double check make sure nothing went through.

Didn't you notice the IP address instead of a web address? You really need to know how DNS works on the web.
 
Didn't you notice the IP address instead of a web address? You really need to know how DNS works on the web.

Yeah I noticed that, what are you trying to say? I knew right away it wasn't legit, I didn't need to look at the address bar to know, even if I was thinking it was real. I just took a pic to show what popped up after clicking a link from yahoo. I need to know how DNS works, why? I didn't say I got fooled into anything lol, I didn't click the link either, it just downloaded for whatever reason.

I just didn't know this was THE macdefender problem people were talking about, I obviously knew it was malware. Don't assume and tell me to know how things work.

It only got as far as having a file downloaded, nothing more. I took the ss b/c I was surprised to FINALLY see malware show up for OSX and posted the ss on facebook.
 