New Mac Malware Variant Doesn't Need an Admin's OK
By Barry Levine / NewsFactor Network

We'll give it to you straight. Santa Claus is a myth, the moon is green cheese-less, and Macs are vulnerable to malicious software. More evidence for the latter legend-buster is a new malware program that doesn't require a user to enter an administrative password to install it.

For years, Macs have enjoyed the reputation that they weren't as susceptible to various kinds of malicious software as Windows machines are, because of the inherent strength of the Mac OS X platform. Many observers have also argued that, because the installed base of Macs was so small, it wasn't worth the effort for a self-respecting hacker.

'SEO Poisoning Attacks'

But now, as Macs are becoming more popular, that perception is changing. In recent weeks, a fake antispyware program called MAC Defender has been popping up on Macs, and a new variant has emerged.

According to Mac security firm Intego, MAC Defender targets users of that platform primarily through "SEO poisoning attacks," in which web sites with malicious code use search-optimization tricks to rank at the top of search results. A user who clicks on that search result is sent to a web site that shows a fake screen and a fake malware scan, after which it tells the user that the computer is infected.

JavaScript on the page automatically downloads a compressed ZIP file. If the user has been using Safari and the "open safe files after downloading" option in Safari is enabled, the file is unzipped and the user is presented with an installer window for which the user's administrative password is required.

If the user proceeds with installation, MAC Defender launches. Intego describes the application as "very well designed" with a professional look, a number of different screens, attractive buttons, and correct spelling.

MAC Defender Variant

Once installed, MAC Defender indicates the computer is infected and opens web pages for pornographic sites every few minutes. To counter the "virus," the user is prompted to buy MAC Defender's "antivirus" service.

After a credit-card number has been entered into a license-purchasing page, the virus warnings stop. But there is no service, and the user has just given the malware authors his or her credit-card information.

Intego recommends not installing the application to begin with, of course, and unchecking the "open safe files" option in Safari or other browsers.

One reason for the Macs-are-invincible myth is that Mac users thought they had to explicitly enter a password to install any software, thus providing a bulwark against malware. But now a variant of MAC Defender, called MacGuard, has been reported. It's placed in a user's Applications folder -- which doesn't require an administrator's password -- instead of the normal location in the systems-level folder.

If a user has set Safari to automatically launch downloaded files -- the "open safe files after downloading" option -- the malware's installer will launch on its own. If not, users will see a downloaded ZIP archive and may double-click on it to find what's in it, which leads to the installer.
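For administrators who want to find which accounts still have that Safari option switched on, the following audit script is an added example, not code from Intego, Apple or the original article. It assumes Safari stores the checkbox under the `AutoOpenSafeDownloads` preference key at the two paths listed and that a missing key means the default (enabled); the sample accounts are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

KEY = "AutoOpenSafeDownloads"  # Safari's "Open 'safe' files after downloading"
PLIST_PATHS = (  # relative to a home directory: classic and sandboxed Safari
    "Library/Preferences/com.apple.Safari.plist",
    "Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist",
)

def auto_open_state(path):
    """Classify one Safari preference file (XML or binary plist)."""
    try:
        prefs = plistlib.loads(Path(path).read_bytes())
    except Exception:  # file could not be read, or is not a valid plist
        return "unreadable"
    if not isinstance(prefs, dict) or KEY not in prefs:
        return "unset-assumed-enabled"  # assumption: missing key = default, on
    return "enabled" if prefs[KEY] else "disabled"

def audit_homes(users_root):
    """Return {home directory name: state}; the riskiest state found wins."""
    rank = ["disabled", "unreadable", "unset-assumed-enabled", "enabled"]
    results = {}
    for home in sorted(p for p in Path(users_root).iterdir() if p.is_dir()):
        states = [auto_open_state(home / rel) for rel in PLIST_PATHS
                  if (home / rel).is_file()]
        results[home.name] = max(states, key=rank.index) if states else "no-safari-prefs"
    return results

def demo():
    """Audit a constructed directory tree standing in for /Users."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed accounts and preference contents
            "alice": ({KEY: True}, plistlib.FMT_BINARY),
            "bob": ({KEY: False}, plistlib.FMT_XML),
            "carol": ({"HomePage": "about:blank"}, plistlib.FMT_BINARY),
        }
        for user, (prefs, fmt) in samples.items():
            target = Path(root, user, PLIST_PATHS[0])
            target.parent.mkdir(parents=True)
            target.write_bytes(plistlib.dumps(prefs, fmt=fmt))
        Path(root, "dave").mkdir()  # account that never ran Safari
        return audit_homes(root)

if __name__ == "__main__":
    for user, state in demo().items():
        print(f"{user}: {state}")
```

On a real Mac, pass `/Users` to `audit_homes`; accounts reported as `enabled` or `unset-assumed-enabled` are the ones where a downloaded installer would open without a double-click.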

After some delay, Apple has posted a tech note on its support site, entitled "How to avoid or remove MAC Defender malware." In addition to steps users can take, the note said the company will soon issue a Mac OS X update "that will automatically find and remove MAC Defender malware and its known variants."

Tell Us What You Think


Posted: 2011-05-26 @ 11:16pm PT
No OS can protect users from their own dumbness. A user-approval is indeed necessary, it is when you trust the whole web with that stupid option. Besides, it needs the user to trust an app (that isn't even supposed to be on his computer in the first place) enough to give it his credit card information.
So the only mac 'malware' isn't founded on mac's weakness, but on user's (it actually needs two mistakes, both being obvious, to be efficient). That sure means mac is vulnerable.

Santa Claus:
Posted: 2011-05-26 @ 10:20pm PT
If you expect readers to trust you, perhaps you shouldn't have introduced your story with a gratuitous and unwarranted: "We'll give it to you straight: Santa Claus is a myth..."

My legal name is Santa Claus, and I'm a child advocate and Christian Bishop and Monk. Please visit TheSanta dot im and become better informed.

In any case, I happen to own a MacBook Pro and appreciate your coverage of the MAC Defender vulnerability.


© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.