5/5/11
2:44 pm

Forum Question: MacDefender MALWARE DO NOT INSTALL

Before you do anymore Surfing with Safari,go to Prefs and uncheck “Open safe files after downloading”
Here is the scoop on what it does.
On Apple Support Communities: https://discussions.apple.com/thread/3035144?start=0&tstart=0
—–
Ross Wright

Comments: 2 Responses to “MacDefender MALWARE DO NOT INSTALL”

    5/5/11 @ 2:52 pm

    So, just to be clear, the deal is this:
    “MacDefender” is a weak trojan. More like a con, than anything else.
    It comes by many names, not just MacDefender. But the basic idea is:
    1. You surf to a site that for some reason has this malicious code on it (I don’t know of one that does, but it must exist somewhere or no one would know about it).
    2. You get a fake “advertisement” that says you may be infected or you need protection or something. The ad even looks like an Internet Explorer window, for what I have heard.
    3. Reportedly it then forces your browser to download an installer. It is just a harmless binary file at this point. That’s why it is a good idea to have “Open safe files after downloading” turned off. So it is just a harmless file, and doesn’t run automatically.
    4. If you then launch this installer for some reason, it will prompt you for your password to install.
    5. If you give it your password, it will install.
    6. It then runs a fake virus check and says you have all sorts of fake problems.
    7. It then asks you for your credit card info to proceed with the full version and “fix” these fake problems.
    If you for some reason go forward with 4, 5 and 6, then it is just a matter of quitting the application and throwing it in the trash.
    So really just a con or “phishing” attack.

    Ross Wright
    5/5/11 @ 3:38 pm

    Don’t know if this helps,but Intego has a short video they created to show what happens if you come across an infected site.

    http://blog.intego.com/2011/05/05/intego-discovers-new-variants-of-mac-defender-fake-antivirus/

Comments Closed.