Posted on 05/02/2011 11:28:51 AM PDT by Swordmaker
Intego has discovered a rogue anti-malware program called MACDefender, which attacks Macs via SEO poisoning attacks. When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open safe files after downloading in Safari, for example), will open. The file is decompressed, and the installer it contains launches presenting a user with the following screen:
If the user continues through the installation process, and enters an administrator's password, the software will be installed.
It is important that users not continue with any unexpected installation of this type. Intego VirusBarrier X6's malware definitions will be updated today, and Intego will be publishing a security memo when we have more information about this malware. For now, the threat is low, but users should be careful not to install software when installers open unexpectedly.
May 2, 2011 | Security
Sorry :(
Unfortunately if all of us dummies stopped using computers and the internet, there wouldn’t be much left for the rest of you to surf around on.
I was kidding. I try to be smart (because even tho I’ve been online since the early 90s I don’t think I really understand what is below the surface).
But now I’m just paranoid because after years of never having a virus I had some really bad luck (or I suddenly got really dumb) and had one kill my desktop and another get into my laptop. I have a Mac now, and all seems fine, but I still hardly click on anything. The internet these days seems like a really bad neighborhood and you just need to have a concealed carry!
If you aren’t clicky, thank you! Your support team appreciates it.
I mentioned that these were managers and supervisors, and in an IT shop where everyone considers themselves an expert. Politics always reared its ugly head. We took away admin access. The crybabies always got their way, and stupidly corrupted their PCs again and again. They were such experts that they repeatedly called my team to fix what they caused.
Most of them. The general non-technical public thinks computers are smart so what the computer asks to do must be good. It’s that whole “sufficient level of technology is indistinguishable from magic” thing, non-tech people pretty much think computers are magic, they don’t understand them, they think they can’t understand them, they’re not going to try to understand them, and so they click “yes” a lot.
That’s why I have no sympathy for those who shell out big $$ to have their computers “cleaned” on a regular basis. Not far from me, there is a computer business with a big vinyl banner out front: “$90 Virus Removal!”. A person with ANY brains at all could buy a premium anti-virus suite with a couple of years worth of updates for that kind of money (or less). Of course, buying such software, installing it, then never allowing it to update, scan your emails and web traffic, and regularly scan your PC makes it about as useful as that antibiotic the Dr. prescribed for the person with strep throat who takes it one time and then puts it on the shelf...
My support team is my son, who had the nerve to grow up and leave home. But yeah, he appreciates me being careful. I try to do nice things for him in exchange. He’s a good boy. :)
I had a virus I didn’t know I got (actually I got it, knew it, thought I had removed it, but apparently didn’t) that turned off my updates. I admit, I’m dumb enough not to realize I needed to check that, but I’m probably no dumber than most people. The bad thing is even my very tech savvy son and a few others couldn’t figure out what it was. Fortunately we were able to get all of my data off the machine and it was old enough that I didn’t really mind replacing it. With a Mac.
so this mac defender is downloaded on to my puter and I can’t seem to get rid of it. I’ve been browsing the net and already two sex sites have randomly appeared with no clicking. I’m being told that the system is infected but must purchase this mac defender to clean it up. I’m obviously not going to buy it but I’ve no idea what to do?
Help!
That's the difference between Mac and Windows.
If that is the case, Anitius, how come I don't run into a lot of those infected Macs? Instead I find none. Zip. Nada. Not one. You'd think I'd find a few, but I don't. So, where are they??? Mac users don't seem to feel the need to "optimize" their systems... They stay optimized.
Win 7 requires an admin to be logged in or provide a password.
If you have installed the MACDefender software, you should be able to uninstall the software by searching for and removing any references to "MACDefender" on your system. You may want to check the following locations for files that MACDefender may have installed:
- Applications folder: Go to the Applications folder (and subfolders like "Utilities") and remove any folder or application that is associated with MACDefender. List folder contents by date modified or created, to see if any files have been put there recently, and remove them.
- Login Items tab (system preferences/accounts): Go to the "Login Items" section of the Accounts system preferences and remove any reference to MACDefender in there. Do this for all accounts on the system.
- Activity Monitor (Applications/Utilities): Open Activity Monitor and sort the list of running processes by name. Then locate any that you suspect are associated with MACDefender and force-quit them. Unfortunately this may be more difficult to do if the name of the running process is different than MACDefender, but it is worth a shot.
- Launch agents and daemons (your user directory/Library and MacintoshHD/Library): Go to the following folders and see if any launch daemon or agent property list files reference MACDefender (open them and search through them if necessary). Do this for all files located in the following directories, but be sure you only remove the files that clearly are associated with MACDefender. If you remove others you will disable OS X features that may destabilize your system:
/Macintosh HD/System/Library/LaunchDaemons/
/Macintosh HD/System/Library/LaunchAgents/
/Macintosh HD/Library/LaunchDaemons/
/Macintosh HD/Library/LaunchAgents/
/username/Library/LaunchDaemons/
/username/Library/LaunchAgents/
That should do it.
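The launch agent and daemon check described in the reply above, as an added example that is not part of the original post: a read-only scan that lists property list files whose name or contents mention a given string, so they can be reviewed before anything is removed. The function names and the sample plists (including the application path inside them) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report (never delete) launchd plists that mention NAME.
# list_launch_refs NAME DIR... prints each *.plist whose file name or
# contents contain NAME, case-insensitively. Missing directories are skipped.
list_launch_refs() {
    name=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            # File name match first.
            if printf '%s\n' "${plist##*/}" | grep -qiF -- "$name"; then
                printf '%s\n' "$plist"; continue
            fi
            # plutil -p (macOS) also decodes binary plists; where it is
            # unavailable, read the file as text instead.
            { plutil -p "$plist" 2>/dev/null || cat "$plist"; } |
                grep -qiF -- "$name" && printf '%s\n' "$plist"
        done
    done
    return 0
}

# Constructed sample data so the scan runs anywhere. On a Mac, call e.g.
#   list_launch_refs MACDefender /Library/LaunchAgents "$HOME/Library/LaunchAgents"
demo_scan() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/LaunchAgents" "$tmp/LaunchDaemons"
    cat > "$tmp/LaunchAgents/com.example.updater.plist" <<'EOF'
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/MacDefender.app/Contents/MacOS/MacDefender</string></array>
</dict></plist>
EOF
    cat > "$tmp/LaunchDaemons/com.example.backup.plist" <<'EOF'
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.backup</string>
</dict></plist>
EOF
    list_launch_refs MACDefender "$tmp/LaunchAgents" "$tmp/LaunchDaemons" "$tmp/missing"
    rm -rf "$tmp"
}
demo_scan
```

Only the first constructed file is reported, because its label looks harmless but its program path references the application; the scan prints paths and leaves removal as a manual decision.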
OK, had this pop up just now, from something I clicked on. There were warning bells and whistles, so I ran my virus software (no, I didn’t click on anything else, yes I’m THAT paranoid after having PCs). It said I wasn’t infected with anything. I just closed the windows I was in, and shut down the Defender window (didn’t install it of course).
My question, do I need to look for this anywhere on my system and throw it away? Is it somewhere in my computer waiting to be installed? Now I’m worried! Drat, I hate these people....
http://www.theregister.co.uk/2011/05/06/skype_for_mac_critical_vulnerability/
I’m glad I had seen this here. It looks VERY professional. I don’t *think* I would have installed it, but I haven’t had my Mac all that long, so I don’t know...I might have thought it was a Mac thing, I can see people being fooled by this.
If you did not install it, you are OK. For you to get this thing you have to give it an administrator’s name and password. You are running as a standard account, aren’t you? If not, open system preferences, create a new account, make it an Administrator account with a strong password you won’t forget. Then log off your everyday user account and log into the NEW administrator account, change your everyday account to a standard account, turn on “Fast User switching” at the bottom of the user list window, lock the preferences, then LOG OFF the new administrator account, and then log back into your usual account to continue surfing as normal. You can still install stuff but it will require both the admin name and password be typed in... It’s an extra layer of protection. Oh, don’t use “Admin” as the name of the Administrator account.
Thank you! It was a scary moment, because it was exactly the sort of thing that happens on PCs and you can’t click anything without installing whatever the bug is.