MAC Defender Rogue Anti-Malware Program Attacks Macs via SEO Poisoning
Intego | May 2, 2011

Posted on 05/02/2011 11:28:51 AM PDT by Swordmaker

Intego has discovered a rogue anti-malware program called MACDefender, which attacks Macs via SEO poisoning attacks. When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open “safe” files after downloading in Safari, for example), will open. The file is decompressed, and the installer it contains launches presenting a user with the following screen:

If the user continues through the installation process, and enters an administrator’s password, the software will be installed.

It is important that users not continue with any unexpected installation of this type. Intego VirusBarrier X6's malware definitions will be updated today, and Intego will be publishing a security memo when we have more information about this malware. For now, the threat is low, but users should be careful not to install software when installers open unexpectedly.

May 2, 2011 | Security


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; computers; internet; mac; osx; tech
To: brytlea

Sorry :(


21 posted on 05/02/2011 1:38:04 PM PDT by Anitius Severinus Boethius
[ Post Reply | Private Reply | To 19 | View Replies]

To: TheStickman

Unfortunately if all of us dummies stopped using computers and the internet, there wouldn’t be much left for the rest of you to surf around on.


22 posted on 05/02/2011 1:38:17 PM PDT by brytlea (A tick stole my tagline....)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Anitius Severinus Boethius

I was kidding. I try to be smart (because even tho I’ve been online since the early 90s I don’t think I really understand what is below the surface).

But now I’m just paranoid because after years of never having a virus I had some really bad luck (or I suddenly got really dumb) and had one kill my desk top and another get into my laptop. I have a Mac now, and all seems fine, but I still hardly click on anything. The internet these days seems like a really bad neighborhood and you just need to have a concealed carry!


23 posted on 05/02/2011 1:43:40 PM PDT by brytlea (A tick stole my tagline....)
[ Post Reply | Private Reply | To 21 | View Replies]

To: brytlea

If you aren’t clicky, thank you! Your support team appreciates it.


24 posted on 05/02/2011 1:51:38 PM PDT by Anitius Severinus Boethius
[ Post Reply | Private Reply | To 23 | View Replies]

To: proxy_user
The problem really is that end users have access to an admin account, or in the case of Unix, root. This should not be allowed.

I mentioned that these were managers and supervisors, and in an IT shop where everyone considers themselves an expert. Politics always reared its ugly head. We took away admin access. The crybabies always got their way, and stupidly corrupted their PCs again and again. They were such experts that they repeatedly called my team to fix what they caused.

25 posted on 05/02/2011 2:11:03 PM PDT by roadcat
[ Post Reply | Private Reply | To 10 | View Replies]

To: TheBattman

Most of them. The general non-technical public thinks computers are smart so what the computer asks to do must be good. It’s that whole “sufficient level of technology is indistinguishable from magic” thing, non-tech people pretty much think computers are magic, they don’t understand them, they think they can’t understand them, they’re not going to try to understand them, and so they click “yes” a lot.


26 posted on 05/02/2011 2:14:02 PM PDT by discostu (Come on Punky, get Funky)
[ Post Reply | Private Reply | To 3 | View Replies]

To: roadcat

That’s why I have no sympathy for those who shell out big $$ to have their computers “cleaned” on a regular basis. Not far from me, there is a computer business with a big vinyl banner out front: “$90 Virus Removal!”. A person with ANY brains at all could buy a premium anti-virus suite with a couple of years worth of updates for that kind of money (or less). Of course, buying such software, installing it, then never allowing it to update, scan your emails and web traffic, and regularly scan your PC makes it about as useful as that anti-biotic the Dr. prescribed for the person with strep throat who takes it one time and then puts it on the shelf...


27 posted on 05/02/2011 2:32:49 PM PDT by TheBattman (They exchanged the truth about God for a lie and worshiped and served the creature...)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Anitius Severinus Boethius

My support team is my son, who had the nerve to grow up and leave home. But yeah, he appreciates me being careful. I try to do nice things for him in exchange. He’s a good boy. :)


28 posted on 05/02/2011 2:42:24 PM PDT by brytlea (A tick stole my tagline....)
[ Post Reply | Private Reply | To 24 | View Replies]

To: TheBattman

I had a virus I didn’t know I got (actually I got it, knew it, thought I had removed it, but apparently didn’t) that turned off my updates. I admit, I’m dumb enough not to realize I needed to check that, but I’m probably no dumber than most people. The bad thing is even my very tech savvy son and a few others couldn’t figure out what it was. Fortunately we were able to get all of my data off the machine and it was old enough that I didn’t really mind replacing it. With a Mac.


29 posted on 05/02/2011 2:45:44 PM PDT by brytlea (A tick stole my tagline....)
[ Post Reply | Private Reply | To 27 | View Replies]

To: discostu

so this mac defender is downloaded on to my puter and I can’t seem to get rid of it. I’ve been browsing the net and already two sex sites have randomly appeared with no clicking. I’m being told that the system is infected but must purchase this mac defender to clean it up. I’m obviously not going to buy it but
I’ve no idea what to do?
Help!


30 posted on 05/02/2011 2:48:08 PM PDT by digital dumbo
[ Post Reply | Private Reply | To 26 | View Replies]

To: Swordmaker
If the user continues through the installation process, and enters an administrator’s password, the software will be installed.

That's the difference between Mac and Windows.

31 posted on 05/02/2011 2:51:07 PM PDT by dfwgator
[ Post Reply | Private Reply | To 1 | View Replies]

To: Anitius Severinus Boethius
Yep, it sure does. And those users will do it. They will see something that will “optimize” their system, they will click on it, it will ask for their Administrator credentials and they will give it.

If that is the case, Anitius, how come I don't run into a lot of those infected Macs? Instead I find none. Zip. Nada. Not one. You'd think I'd find a few, but I don't. So, where are they??? Mac users don't seem to feel the need to "optimize" their systems... They stay optimized.

32 posted on 05/02/2011 3:44:39 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: dfwgator

Win 7 requires an admin to be logged in or provide a password.


33 posted on 05/02/2011 4:09:12 PM PDT by kevkrom ("Winning The Future" = WTF = What The F*** / "Kinetic Military Action" = KMA = Kiss My A**)
[ Post Reply | Private Reply | To 31 | View Replies]

To: brytlea
My IT support kid traded his internets for a fishing boat and motor but his words still ring in my ears...just reboot gramp, it's a Mac
34 posted on 05/02/2011 4:27:10 PM PDT by tubebender (A perfectly good tagline used to reside here but our colorful Prez needed it for his campaign)
[ Post Reply | Private Reply | To 28 | View Replies]

To: digital dumbo
so this mac defender is downloaded on to my puter and I can’t seem to get rid of it. I’ve been browsing the net and already two sex sites have randomly appeared with no clicking. I’m being told that the system is infected but must purchase this mac defender to clean it up. I’m obviously not going to buy it but
I’ve no idea what to do?
Help!


If you have installed the MACDefender software, you should be able to uninstall the software by searching for and removing any references to "MACDefender" on your system. You may want to check the following locations for files that MACDefender may have installed:

That should do it.
35 posted on 05/02/2011 6:26:28 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: Swordmaker

OK, had this pop up just now, from something I clicked on. There were warning bells and whistles, so I ran my virus software (no, I didn’t click on anything else, yes I’m THAT paranoid after having PCs). It said I wasn’t infected with anything. I just closed the windows I was in, and shut down the Defender window (didn’t install it of course).
My question, do I need to look for this anywhere on my system and throw it away? Is it somewhere in my computer waiting to be installed? Now I’m worried! Drat, I hate these people....


36 posted on 05/06/2011 2:22:16 PM PDT by brytlea (Trying to think of something worth the waste of a keystroke...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker
Just saw this pop up on Twitter:

http://www.theregister.co.uk/2011/05/06/skype_for_mac_critical_vulnerability/

37 posted on 05/06/2011 2:27:23 PM PDT by tacticalogic
[ Post Reply | Private Reply | To 2 | View Replies]

To: tacticalogic

I’m glad I had seen this here. It looks VERY professional. I don’t *think* I would have installed it, but I haven’t had my Mac all that long, so I don’t know...I might have thought it was a Mac thing, I can see people being fooled by this.


38 posted on 05/06/2011 2:32:39 PM PDT by brytlea (Trying to think of something worth the waste of a keystroke...)
[ Post Reply | Private Reply | To 37 | View Replies]

To: brytlea

If you did not install it, you are OK. For you to get this thing you have to give it an administrator’s name and password. You are running as a standard account, aren’t you? If not, open system preferences, create a new account, make it an Administrator account with a strong password you won’t forget. Then log off your everyday user account and log into the NEW administrator account, change your everyday account to a standard account, turn on “Fast User switching” at the bottom of the user list window, lock the preferences, then LOG OFF the new administrator account, and then log back into your usual account to continue surfing as normal. You can still install stuff but it will require both the admin name and password be typed in... It’s an extra layer of protection. Oh, don’t use “Admin” as the name of the Administrator account.


39 posted on 05/06/2011 3:28:22 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 36 | View Replies]
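
One way to check the two conditions discussed in this thread (whether the everyday account is an administrator, and whether Safari's "Open 'safe' files after downloading" option is on), as an added example that is not part of any post. It assumes the Safari preference is stored as `AutoOpenSafeDownloads` in the `com.apple.Safari` domain; recent macOS versions may block Terminal from reading it, in which case the script reports "unknown".

```shell
#!/bin/sh
# Added example: audit the account type and Safari auto-open setting.
# The classifiers take command output as arguments so they can be checked
# on any system; only audit() calls macOS tools. Usage: sh <script> run

# Return 0 if the space-separated group list contains macOS's "admin" group.
# Whole-word match: a group such as "_lpadmin" must not count.
is_admin_groups() {
    for g in $1; do
        [ "$g" = "admin" ] && return 0
    done
    return 1
}

# Map the value read for AutoOpenSafeDownloads to a verdict.
# An unset or unreadable key is reported as "unknown" rather than guessed.
classify_auto_open() {
    case "$1" in
        1|true|YES)  echo "enabled" ;;
        0|false|NO)  echo "disabled" ;;
        *)           echo "unknown" ;;
    esac
}

audit() {
    user=$(id -un)
    if is_admin_groups "$(id -Gn "$user")"; then
        echo "WARN: $user is an administrator; use a standard account day to day"
    else
        echo "OK: $user is a standard account"
    fi
    if command -v defaults >/dev/null 2>&1; then
        val=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
        echo "Safari auto-open of 'safe' downloads: $(classify_auto_open "$val")"
    else
        echo "Safari check skipped: 'defaults' not found (not macOS)"
    fi
}

# Run the audit only when explicitly asked to.
if [ "${1:-}" = "run" ]; then
    audit
fi
```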

To: Swordmaker

Thank you! It was a scary moment, because it was exactly the sort of thing that happens on PCs and you can’t click anything without installing whatever the bug is.


40 posted on 05/06/2011 5:27:36 PM PDT by brytlea (Trying to think of something worth the waste of a keystroke...)
[ Post Reply | Private Reply | To 39 | View Replies]

