Mac Defender


Mac Defender (also known as Mac Protector, Mac Security,[1] Mac Guard,[2] and Mac Shield)[3] is an internet rogue security program that can be installed by unwitting users of computers running the Mac OS X operating system. The Mac security firm Intego discovered the fake antivirus software on May 2, 2011, with a patch not being provided by Apple until May 31.[4] The software has been described as the first major malware threat to the Macintosh platform (although it does not attach to or damage any part of OS X).[5][6][7][8][9][10] However, it is not the first Mac-specific Trojan, and is not self-propagating.

Users typically encounter the program when opening an image found on a search engine. It appears as a pop-up indicating that viruses have been detected on the user's computer and suggests downloading a program which, if installed, provides the user's personal information to unauthorized third parties.

The software has been traced through German websites, which have been closed down, to the Russian online payment processor ChronoPay. AppleCare employees were told not to assist callers in removing the software, but Apple later promised a software patch.[11] The Mac OS X security update 2011-003 was released on May 31, 2011, and includes not only automatic removal of the trojan and other security updates, but also a new feature that automatically updates malware definitions from Apple.[1]

Symptoms

All variants require the user to actively click through an installer to complete installation even if a password is not required.

Origin

Mac Defender was traced to ChronoPay by the email address of ChronoPay financial controller Alexandra Volkova.[12] The email address appeared in domain registration for mac-defence.com and macbookprotection.com, two web sites Mac users are directed to in order to purchase the security software. ChronoPay is Russia's largest online payment processor. The web sites were hosted in Germany and were suspended by Czech registrar Webpoint.name. ChronoPay had earlier been linked to another scam in which users involved in file sharing were asked to pay a fine.[13][14]

Apple response

According to Sophos, by May 24, there had been sixty thousand calls to AppleCare technical support about Mac Defender-related issues,[15] and Ed Bott of ZDNet reports that the number of calls to AppleCare increased in volume due to Mac Defender, and that a majority of the calls now pertain to Mac Defender.[16] AppleCare employees have been told not to assist callers in removing the software.[17] Specifically, support employees have been told not to instruct callers on how to use Force Quit and Activity Monitor to stop Mac Defender, as well as not to direct callers to any discussions pertaining to the problems caused by Mac Defender.[15] An anonymous AppleCare support employee said that Apple instituted the policy in order to prevent users from relying on technical support instead of anti-virus programs.[17]

On May 24, 2011, Apple issued instructions on the prevention and removal of the malware.[18]

On May 31, 2011, Apple released security update 2011-003, which addressed the threat and removed the trojan from any affected Mac computers, and added a feature that automatically updates malware definitions from Apple.[1]

Mac Guard variant

A new variant of the program, Mac Guard, has been reported which does not require the user to enter a password to install the program,[19] although one still does have to run the installer.[20]

References

  1. "About Security Update 2011-003". 2011-05-31. http://support.apple.com/kb/HT4657. Retrieved 31 May 2011.
  2. "Intego Mac Security Blog". 25 May 2001. http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/.
  3. "Mac malware morphs to 'MacShield'". Technolog. MSNBC. http://technolog.msnbc.msn.com/_news/2011/06/03/6780300-mac-malware-morphs-to-macshield. Retrieved 5 June 2011.
  4. Hamburger, Ellis (May 02, 2011). "WARNING: This Mac App Is Stealing Credit Card Numbers". http://articles.businessinsider.com/2011-05-02/tech/29963959_1_credit-card-numbers-antivirus-rogue-program. Retrieved 7 December 2011.
  5. "Macs face first virus threat". techday.co.nz. May 4, 2011. http://www.techday.co.nz/netguide/news/macs-face-first-virus-threat/20020/.
  6. "Say hello to MAC Defender, the first major widespread piece of Mac based malware". left-click.us. http://www.left-click.us/news/blog/mac-defender.
  7. Dachis, Adam (25 May, 2011). "How to Protect Your Computer from Mac Defender and Its Counterparts". Mac Defender has been making a lot of noise as one of the first major Mac security threats. lifehacker.com. http://lifehacker.com/5805609/how-to-protect-your-computer-from-mac-defender-and-macguard.
  8. "By and large, Mac users have been able to escape the onslaught of malware that their Windows counterparts suffer from". macworld.com. http://www.macworld.com/article/159595/2011/05/macdefender_trojan_horse.html.
  9. Trenholm, Rich (19 May 2011). "The old saw that Macs don't get minecrafts is under fire as a piece of malware called Mac Defender is rampaging across the Web". cnet.com.
  10. "Mac Defender fake antivirus software is first major attack on Apple computers". crave.cnet.co.uk. http://crave.cnet.co.uk/software/mac-defender-fake-antivirus-software-is-first-major-attack-on-apple-computers-50003812/.
  11. "Mac malware authors release a new, more dangerous version". zdnet.com. May 25, 2011. http://www.zdnet.com/blog/bott/mac-malware-authors-release-a-new-more-dangerous-version/3385.
  12. "Apple takes on Mac Defender Scam". International Business Times. 29 May 2011. http://www.ibtimes.com/articles/154071/20110529/apple-takes-on-mac-defender-scam.htm.
  13. "MacDefender Scareware Linked to Russian Payment Site". News & Opinion (PCMag.com). http://www.pcmag.com/article2/0,2817,2386060,00.asp.
  14. "Russia's ChronoPay Executive Linked to Mac Defender Scam". International Business Times. http://www.ibtimes.com/articles/153863/20110528/russia-s-chronopay-linked-to-mac-scareware-scam.htm.
  15. Wisniewski, Chester (2011-05-24). "Apple support to infected Mac users: 'You cannot show the customer how to stop the process'". Naked Security. Sophos. http://nakedsecurity.sophos.com/2011/05/24/apple-support-to-infected-mac-users-you-cannot-show-the-customer-how-to-stop-the-process/. Retrieved 24 May 2011.
  16. Bott, Ed (2011-05-18). "An AppleCare support rep talks: Mac malware is "getting worse"". ZDNet. http://www.zdnet.com/blog/bott/an-applecare-support-rep-talks-mac-malware-is-getting-worse/3342. Retrieved 24 May 2011.
  17. Cluley, Graham (2011-05-18). "Malware on your Mac? Don't expect AppleCare to help you remove it". Naked Security. Sophos. http://nakedsecurity.sophos.com/2011/05/18/malware-on-your-mac-dont-expect-applecare-to-help-you-remove-it/. Retrieved 24 May 2011.
  18. "How to avoid or remove Mac Defender malware". 2011-05-24. http://support.apple.com/kb/ht4650. Retrieved 1 June 2011.
  19. "Mac Guard: Apple users hit by second Mac malware scam". Christian Science Monitor Horizons blog. 26 May, 2001. http://www.csmonitor.com/Innovation/Horizons/2011/0526/Mac-Guard-Apple-users-hit-by-second-Mac-malware-scam.
  20. "New Mac Defender Variant, MacGuard, Doesn’t Require Password for Installation". Mac Security Blog from Intego. 25 May, 2011. http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/.
