
New Mac Malware Variant Doesn't Need an Admin's OK



We'll give it to you straight. Santa Claus is a myth, the moon is green cheese-less, and Macs are vulnerable to malicious software. More evidence for the latter legend-buster is a new malware program that doesn't require a user to enter an administrative password to install it.

For years, Macs have enjoyed the reputation that they weren't as susceptible to the various kinds of malicious software as Windows machines are, because of the inherent strength of the Mac OS X platform. Many observers have also argued that, because the installed base of Macs was so small, it wasn't worth the effort for a self-respecting hacker.

'SEO Poisoning Attacks'

But now, as Macs are becoming more popular, that perception is changing. In recent weeks, a fake antispyware program called MAC Defender has been popping up on Macs, and a new variant has emerged.

According to Mac security firm Intego, MAC Defender targets users of that platform primarily through "SEO poisoning attacks," in which web sites with malicious code use search-optimization tricks to rank at the top of search results. A user who clicks on that search result is sent to a web site that shows a fake screen and a fake malware scan, after which it tells the user that the computer is infected.

JavaScript on the page automatically downloads a compressed ZIP file. If the user has been using Safari and the "open safe files after downloading" option in Safari is enabled, the file is unzipped and the user is presented with an installer window for which the user's administrative password is required.

If the user proceeds with installation, MAC Defender launches. Intego describes the application as "very well designed" with a professional look, a number of different screens, attractive buttons, and correct spelling.

MAC Defender Variant

Once installed, MAC Defender indicates the computer is infected and opens web pages for pornographic sites every few minutes. To counter the "virus," the user is prompted to buy MAC Defender's "antivirus" protection service.

After a credit-card number has been entered into a license-purchasing page, the virus warnings stop. But there is no service, and the user has just given the malware authors his or her credit-card information.

Intego recommends not installing the application to begin with, of course, and unchecking the "open safe files" option in Safari or other browsers.

One reason for the Macs-are-invincible myth is that Mac users thought they had to explicitly enter a password to install any software, thus providing a bulwark against malware. But now a variant of MAC Defender, called MacGuard, has been reported. It's placed in a user's Applications folder -- which doesn't require an administrator's password -- instead of the normal location in the system-level folder.

If a user has set Safari to automatically launch downloaded files -- the "open safe files after downloading" option -- the malware's installer will launch on its own. If not, users will see a downloaded ZIP archive and may double-click on it to find what's in it, which leads to the installer.

After some delay, Apple has posted a tech note on its support site, entitled "How to avoid or remove MAC Defender malware." In addition to steps users can take, the note said the company will soon issue a Mac OS X update "that will automatically find and remove MAC Defender malware and its known variants."
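
The two conditions the article describes (Safari's "open safe files after downloading" option and a rogue application sitting in an Applications folder) can be checked from Terminal. The script below is an added example, not taken from Intego or Apple. It assumes Safari stores the option under the `AutoOpenSafeDownloads` preference key, and its name patterns are constructed from the two product names in the article, so actual file names may differ.

```shell
#!/bin/sh
# Added example: audit for the two conditions described in the article.

# Map the raw value of Safari's AutoOpenSafeDownloads preference to a verdict.
classify_auto_open() {
  case "$1" in
    1|true|YES) echo "enabled" ;;
    0|false|NO) echo "disabled" ;;
    *)          echo "unknown" ;;   # key unset, unreadable, or not on a Mac
  esac
}

# Read the preference; prints nothing when `defaults` or the key is unavailable.
read_auto_open() {
  command -v defaults >/dev/null 2>&1 || return 0
  defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true
}

# List app bundles and ZIP archives directly inside the given folders whose
# names resemble "MAC Defender" or "MacGuard" (case-insensitive).
# The patterns are constructed from the article's names, not from real samples.
find_rogue_av() {
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    find "$dir" -mindepth 1 -maxdepth 1 \
      \( -iname 'mac*defender*' -o -iname 'macguard*' \) \
      \( -iname '*.app' -o -iname '*.zip' \) -print
  done
}

audit() {
  home="${HOME:-/nonexistent}"
  echo "Safari auto-open of downloads: $(classify_auto_open "$(read_auto_open)")"
  hits=$(find_rogue_av /Applications "$home/Applications" "$home/Downloads")
  if [ -n "$hits" ]; then
    printf 'Review these items:\n%s\n' "$hits"
  else
    echo "No MAC Defender or MacGuard names found in the checked folders"
  fi
}

audit
```

To turn the option off from Terminal instead of Safari's preferences window, `defaults write com.apple.Safari AutoOpenSafeDownloads -bool false` sets the same key.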
