Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

New Variant of 'Mac Defender' Quickly Evades Apple's Security Update as Cat-and-Mouse Game Begins

Be prepared for an onslaught of e-mails from all your friends warning you about a new Mac virus that will destroy your hard drive and burn up your monitor.

As for all those who persist in making life miserable for the casual computer user, OFF WITH THEIR HEADS! ... and while the axman is at it, OFF WITH THEIR BA||S.

Hey! Does anyone know whether this Mac Defender (or whatever name it is using today) is associated with the ZEDO advertising group? Even with Pop-ups blocked in Safari, I continue getting pop-ups for Publishers Clearing House from those SPAMMERS at ZEDO.
 
Or

Luis Ortega said:
That's not what's happening.
At work, for the past two days, several times a day when I open Safari and go to a site like the drudge report, the screen gets taken over by the malware attack and fake scan and it won't allow you to click cancel or navigate elsewhere.
You can only accept the download or shut down Safari and try again.
I found 18 downloads of the malware file in my downloads folder and I never accepted any download. Naturally, I deleted them all, but if the open downloads button had been ticked in Safari, it would have been a disaster.
This is a strong attack that could easily hurt some less computer-capable people.
Click to expand...

Do what I do: if all else fails pull the plug out of the damned wall. If you need to reimage, so be it.
 
aliensporebomb said:
You can't. It's mostly the russian mafia but there are other parties. You won't catch them. This has been running rampant on the windows side for several years now with hundreds of different variants. There are little malware toolkits that will build these apps for you that are point and click enabled. You could be a total script kiddie and create one.
Click to expand...

All that is needed is a software attack on THEIR computers that will wipe out their entire system.
 
strik said:
Had a friend once who said he logged onto his online banking all the time at the cafe shop and therefore, he didn't have to worry because he was also using a Mac. Told him about the common practice of people within the area of a cafe shop creating there own wireless network with the same name or similar name as a coffee shop's network, and then capturing all the members internet traffic.
Click to expand...

The biggest risk is actually connecting to a hacked business site. What happens: You order something online and give your credit card information to a totally legitimate but hacked site. The site is hacked to transfer you to another site owned by the hacker, _while making your browser believe you are still on the same site_. So your browser willingly gives your data to that other site as well.

This is not a vulnerability of the browser at all, but of the hacked site. Applies to all browsers on all operating systems. To be safe, after you give your credit card number to anyone, _quit the browser_.
 
doctor-don said:
Be prepared for an onslaught of e-mails from all your friends warning you about a new Mac virus that will destroy your hard drive and burn up your monitor.
Click to expand...

Too late - my inbox is already full with those warnings, and one sounds worse than the other.


doctor-don said:
All that is needed is a software attack on THEIR computers that will wipe out their entire system.
Click to expand...

I'm afraid that they run MacOS based systems - an (hidden) attack like that is not possible and I don't think you can send them installer and make them install it (they know about that trick)
 
I read comments that supposedly Windows users are better trained to identify malware and that Microsoft has been on the ball beefing up security.

Given all that, it is amazing how many Windows users get their computers infected. At the same time, this particular malware has hit some mac users but overall it hasn't made that big of an impact.

Microsoft has said the biggest threat to Windows users is the prolific amount of pirated Windows OS out there. Often when people go looking around for pirated stuff they get infected. That puts everyone at risk.
 
GFLPraxis said:
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.
Click to expand...

What press coverage? The tech sites? Most consumers don't pay close attention to tech sites. And FYI, the new variant auto downloads and can even [depending on your browser settings] open automatically and install itself without a password.
 
hmmmm just don't use safari ..... firefox doesn't have auto open ...btw does anyone know if this affects powerpc (raid architecture - PowerbookG4)? coz i havnt been offered a sercurity update and i am running 10.5 sooo..
 
gorskiegangsta said:
What press coverage? The tech sites? Most consumers don't pay close attention to tech sites. And FYI, the new variant auto downloads and can even [depending on your browser settings] open automatically and install itself without a password.
Click to expand...

It does not auto install, you have to accept several steps during the installation phase
 
Why does this 'MacDefender' spread to so many webpages? Usually most malware you get from some fishy webpages that trick you (through google search or other means) to go on there - but reading about this one, it seems you can also get it on some of the big name webpages? What security hole do they use to plant it on so many webpages?
 
gorskiegangsta said:
And FYI, the new variant auto downloads and can even [depending on your browser settings] open automatically and install itself without a password.
Click to expand...
This is exactly how misinformation gets spread. It does NOT install itself. Try to learn the facts before you post nonsense.
 
Day 1: MACDefender Found, Mac OS X is under the gun!!!
My reaction: *yawn* *Googles prolifically*

Day 2: MACDefender doesn't require your password!!!
My reaction: *yawn* *Googles prolifically*

Day 3: MACDefender works around Apple patch!!!
My reaction: *yawn* *Googles prolifically*

Day ???: MACDefender installs without your consent and kills your Mac.
My reaction: No more Google for me. *sadface*

Just turn off the Auto Open in Safari, quit the Installer, trash it, and go to bed. Sheesh, with all this hype you'd think this has never happened before. :O

Windows needs to stop being so yappy and deal with their own malicious problems. Don't pretend this is something new, it isn't yet. In the same light Apple needs to stop bragging it's invisible. Sooner or later someone's gonna crack the egg, at least for a short time. When that happens, get concerned.
 
BaldiMac said:
Super. Obviously true. Still not sure how that shows Microsoft is currently doing more to prevent MacDefender type attacks then Apple.
Click to expand...

MS has over 100k of these types of attacks every day!!!

Despite this, they maintain a relatively secure platform.

You should meet with some of the VP's in the IE group, their thoughts on security are amazing.
 
gnasher729 said:
The biggest risk is actually connecting to a hacked business site. What happens: You order something online and give your credit card information to a totally legitimate but hacked site. The site is hacked to transfer you to another site owned by the hacker, _while making your browser believe you are still on the same site_. So your browser willingly gives your data to that other site as well.

This is not a vulnerability of the browser at all, but of the hacked site. Applies to all browsers on all operating systems. To be safe, after you give your credit card number to anyone, _quit the browser_.
Click to expand...

I was on a public computer once on a college campus. It was a Windows machine. I logged into an account did some work and logged out. But then I went to go back into the account and realized the id and password were auto filled. I didn't know where to clear this. Luckily the person managing the computers was there and knew Windows and IE. He was able to turn off autofill and clear the pass words from memory. He had just set up the computers and did not know this was the default configuration. This has hopefully changed in newer versions of Windows and IE.
 
wololololo said:
http://www.newsfactor.com/story.xhtml?story_id=0010003L8R22&page=2&full_skip=1 read this


variant of MAC Defender, called MacGuard, has also been reported. It's placed in a user's Applications folder -- which doesn't require an administrator's password -- instead of the normal location in the system-level folder.

drag and drop?
Click to expand...
It doesn't automatically install. It just gets comfortable in your Applications folder. You still have to go through the install process. ;)

EDIT: Correction - you still have to install it, but it goes to your Applications folder which requires no password to install. You still have to give your consent for installation.
 
wololololo said:
variant of MAC Defender, called MacGuard, has also been reported. It's placed in a user's Applications folder -- which doesn't require an administrator's password -- instead of the normal location in the system-level folder.

drag and drop? it is slightly ambiguous i must admit..donno
Click to expand...
That article is wrong. MacGuard does not download to your Applications folder. It downloads to your Downloads folder and requires that the user complete the installation process. It does NOT install itself or download to the Applications folder. Even if it could, the user would still have to launch it and complete the installation process. It cannot infect a Mac unless the user actively permits it.
 
BaldiMac said:
What is Microsoft doing that Apple is not that would currently prevent a Mac Defender type attack? Daily definition updates of an anti-malware scanner is the most appropriate strategy. Outside of preventing the user from installing unapproved applications, I'm not sure what else you can do.
Click to expand...

Thanks for making me understand that.

Well actually there's nothing you can do about 'malware'.

Hmm. I'll take my posts back as I understand.
 
TheAppleDragon said:
It doesn't automatically install. It just gets comfortable in your Applications folder. You still have to go through the install process. ;)
Click to expand...


fair play - a drag and drop Malware would be devastating though... just a thought...

ok im not stupid enough to install this but im running a powerpc cpu...i haven't had a security update....it would be funny and slightly typical for the virus to have better universal access than apples security for old machines...:rolleyes:
 
GGJstudios said:
No, it isn't. Mac's best malware protection has been the same for the past 10 years: an informed, prudent user who thinks before doing anything, especially when choosing and installing software. That's all that's required.
Click to expand...

That applies to anyone on any OS though....surely?

In my experience, MAc users tend to be more open on what they do on the web
'cos .... "Apple says it only happens to Windows users"

no OS can protect from PEBKAC.

The only good thing this attack has done is to lay bare the outright folly and lies of Apple's' marketing over the last 5 years or so...
 
ten-oak-druid said:
I was on a public computer once on a college campus. It was a Windows machine. I logged into an account did some work and logged out. But then I went to go back into the account and realized the id and password were auto filled. I didn't know where to clear this. Luckily the person managing the computers was there and knew Windows and IE. He was able to turn off autofill and clear the pass words from memory. He had just set up the computers and did not know this was the default configuration. This has hopefully changed in newer versions of Windows and IE.
Click to expand...
IE asks you if you want it to remember passwords or not.
The admin who setup the box was an idiot if he didn't know it does this by default.
The "feature" can be easily and permanently disabled via a policy setting.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back