After days of silence in the face of persistent reports that Mac OS X users were getting infected by the MacDefender fake antivirus scareware, Apple posted instructions on removing the virus and promised a cleaning tool.
finally broken its silence on the MacDefender
and other fake AV variants that have been making the rounds
recently. The company promised a Mac OS X update to remove the malware.
will deliver a Mac OS X software update "in the coming days" that will
automatically find and remove MacDefender malware and its known variants, Apple
said in a support document dated May 24. The update will also provide an
explicit warning if the user downloads the malware in the future.
document titled, "How to avoid or
remove Mac Defender malware,
" Apple acknowledged the scam's existence and
outlined steps on avoiding installing the software, deleting it before it is
installed and uninstalling if it's already on the machine.
-anti-virus' [MacDefender] software is malware (i.e. malicious software).
Its ultimate goal is to get the user's credit card information, which may be
used for fraudulent purposes," Apple wrote.
the company's first public admission that malware exists for the Mac OS X
platform. Apple created a "false sense of security" through its marketing and
advertisements suggesting Apple users are immune to security threats, Chester
Wisniewski, senior security adviser at Sophos, told eWEEK.
some of their flock are affected, it would be good of them to at least point
people in the right direction," Wisniewski said.
several variants of the fake AV for Mac OS X currently in circulation, with
names such as MacDefender, MacProtector, MacSecurity and Apple Security Center,
according to Dan Clark, vice president of marketing at ESET. Most users are
scammed when they are redirected from legitimate Websites to fake sites that
warn them the computer is "infected" with a virus and are told to enter a
credit card number to purchase an antivirus solution. MacDefender also opens up
pop-ups with adult content ads every few minutes to strengthen the impression
that the users need MacDefender.
warned users against providing credit card information or entering their
administrator password when prompted by the software installer.
remained silent over the past few days after ZDNet's Ed Bott published a
transcript of a conversation with an AppleCare
and a copy of an internal memo where Apple instructed its
support employees not to acknowledge the existence
or to offer any assistance in removing the malware.
avoid getting scammed midattack if they force quit their browsers as soon as
they see the phony notifications. Because the malware attaches itself to the
launch menu and has no dock icon, it is difficult to quit in the normal way,
according to Mac security firm Intego.
originally instructed its employees to not teach users how to force quit if
they realize that the user was calling about MacDefender. In the latest support
document, Apple instructed users how to force quit, delete the downloaded
malware and uninstall the software.
MacDefender variant has emerged that is more dangerous than the other versions
because it does not need a password to be installed, Intego warned May 25. Like
most Mac OS X applications, MacDefender and others require users to enter the
administrator password to authorize the software installer.
executes if the user has the "Open -safe' files after downloading" option
checked in Safari and does not require any administrator password to install in
the Applications folder, Intego said. If the user sees something that looks
like a Finder window claiming to be scanning the Mac, "know that this is bogus,"
is pretty widespread, with links on Google image searches and other legitimate
pages, although it appears that Google has been able to track down and remove a
number of malicious links. Bott estimated that the total number of customers
affected could be between 60,000 and 125,000, "and growing."
malware's name and user interface are going to change continuously, so Mac
users should be on the lookout for the type of behavior where an application is
going to ask for the credit card number, ESET's Clark said. "There is no
legitimate antivirus or security software that alerts you through a browser
that malware of any type has been detected then tries to install itself," Clark
has long been a problem for Windows users. Regardless of the platform, all
users now need to be security-conscious, according to Wisniewski. "When enough
people let their guard down, they are easy targets and criminals will take
advantage of the lowest hanging fruit," said Wisniewski.