We'll give it to you straight. Santa Claus is a myth, the moon is green cheese-less, and Macs are vulnerable to malicious software. More evidence for the latter legend-buster is a new malware program that doesn't require a user to enter an administrative password to install it.
For years, Macs have enjoyed the reputation that they weren't susceptible to various kinds of malicious software as Windows machines are, because of the inherent strength of the Mac OS X platform. Many observers have also argued that, because the installed base of Macs was so small, it wasn't worth the effort for a self-respecting hacker.
'SEO Poisoning Attacks'
But now, as Macs are becoming more popular, that perception is changing. In recent weeks, a fake antispyware program called MAC Defender has been popping up on Macs, and a new variant has emerged.
According to Mac security firm Intego, MAC Defender targets users of that platform primarily through "SEO poisoning attacks," in which web sites with malicious code use search-optimization tricks to rank at the top of search results. A user who clicks on that search result is sent to a web site that shows a fake screen and a fake malware scan, after which it tells the user that the computer is infected.
If the user proceeds with installation, MAC Defender launches. Intego describes the application as "very well designed" with a professional look, a number of different screens, attractive buttons, and correct spelling.
MAC Defender Variant
Once installed, MAC Defender indicates the computer is infected and opens web pages for pornographic sites every few minutes. To counter the "virus," the user is prompted to buy MAC Defender's "antivirus" protection service.
After a credit-card number has been entered into a license-purchasing page, the virus warnings stop. But there is no service, and the user has just given the malware authors his or her credit-card information.
Intego recommends not installing the application to begin with, of course, and to uncheck the "open safe files" option in Safari or other browsers.
One reason for the Macs-are-invincible myth is that Mac users thought they had to explicitly enter a password to install any software, thus providing a bulwark against malware. But now a variant of MAC Defender, called MacGuard, has been reported. It's placed in a user's Applications folder -- which doesn't require an administrator's password -- instead of the normal location in the systems-level folder.
If a user has set Safari to automatically launch downloaded files -- the "open safe files after downloading" option -- the malware's installer will launch on its own. If not, users will see a downloaded ZIP archive and may double-click on it to find what's in it, which leads to the installer.
After some delay, Apple has posted a tech note on its support site, entitled "How to avoid or remove MAC Defender malware." In addition to steps users can take, the note said the company will soon issue a Mac OS X update "that will automatically find and remove MAC Defender malware and its known variants."
Posted: 2011-05-26 @ 11:16pm PT
No OS can protect users from their own dumbness. A user-approval is indeed necessary, it is when you trust the whole web with that stupid option. Besides, it needs the user to trust an app (that isn't even supposed to be on his computer in the first place) enough to give it his credit card informations.
So the only mac 'malware' isn't founded on mac's weakness, but on user's (it actually needs two mistakes, both being obvious, to be efficient). That sure means mac is vulnerable.
Posted: 2011-05-26 @ 10:20pm PT
If you expect readers to trust you, perhaps you shouldn't have introduced your story with a gratuitous and unwarranted: "We'll give it to you straight: Santa Claus is a myth..."
My legal name is Santa Claus, and I'm a child advocate and Christian Bishop and Monk. Please visit TheSanta dot im and become better informed.
In any case, I happen to own a MacBook Pro and appreciate your coverage of the MAC Defender vulnerability.