Yearly Archives: 2011

Dealing with malware on Macs has been a non-issue until recent weeks. The “Mac Defender” trojan seems to have affected many Mac users, particularly the ones active on the web. Thankfully this is a weak trojan horse that is difficult to get, easy to remove and doesn’t cause any real damage. Most importantly, it does not try to spread itself like a virus.
MacMost has launched a new section, the Mac Virus and Malware Information Center. Here we have posted information and a video about the Mac Defender trojan. You can find out how to avoid it and how to remove it. In the future, we can update that section and post information there about other malware that may spring up.

Sometimes an app idea can seem ridiculous, but after trying it, you feel compelled to use it again later. Then again. Then the next thing you know it is one of your top apps. Foursquare is a location game. You “check in” at a restaurant, park, airport or wherever and get points for your check-ins. You link up with friends and compete against them to see who gets around more. You can also share notes, tips and pictures of places with friends and the whole world. It goes without saying that this isn’t for someone concerned about privacy. With the right group of friends, you can have fun and discover new places.

So you know those icons that appear in the upper right part of your screen in the menu bar? If you want to re-arrange them, all you need to do is hold the Option and Command keys down, and then click and drag the icons left or right. You can also remove an icon by dragging it down and out of the menubar.

“Using AirPlay on my iPad I can show you my vacation photos on the big screen! Isn’t technology great?”
“Uh, sure.”
“We have to go…”

My friend just bought a new mac desktop computer. She managed to install windows live messenger for a mac. It all works but the call computer feature. If someone calls her computer, she cannot answer the call, nor can she call another computer. How can this be remedied if anyone ... (2 Comments)

I recently watched your podcast on recording audio from another source. I have an mp4 file that is a copy of a video tape. I would like to create an audio file, only, of that video file. Will Soundflower be able to do this for me (redirecting the audio to ... (2 Comments)

I have a ripped video in Audio_TS and VIDEO_TS folders and wish to burnt them to a dvd that will play in a dvd player. Should I just highlight the 2 folders and burn through finder or is there some sort of extra encoding that I need to do. If so, which software would you ... (2 Comments)

Why does my Iphone 4 show lower speed test results than my macbook, for the same wi-fi router? (.17 Mbps vs 2.24 Mbps) Thank you all. —– GS Murthy ... (3 Comments)

Learn about the Mac Defender/Mac Protector trojan horse malware attack. See how it works. Find out how to protect yourself from it. Watch step-by-step how to remove it. This piece of malware tricks you into download and installing it with frightening, but completely fake, virus warnings. What it really wants is your credit card number. Fortunately it is easy to avoid and easy to remove.

Is there a shortcut to repeat a command in Numbers?… much like Command+Y in Excel. —– JT ... (4 Comments)

Hi Gary, I have made a couple of presentations with keynote using music from my itunes but when playing the presentations the music is jumping and fading in and out. The fault is not in itunes as it plays well on its own – just when in keynote I have the problems. If I ... (1 Comment)

Just curious. I got a new MacBook Air (11″), and I can’t figure out where the audio is coming from. Where are those speakers hiding? —– Cameron ... (2 Comments)

I get a lot of wmv files on email but can’t open them on my iPhone. What’s the best app for this Gary? —– Cyrus Dubash ... (1 Comment)

I have a bunch of mkv files that I want to send to a friend on hard copy. Trouble is, most of my friends don’t have mkv support on their video players; so I thought it best to create a dvd from them and send them that and they can view it on comp or tv, whatever. So just ... (1 Comment)

I downloaded Sound Flower, but when I browsed to its folder and tried to open it, I got this message: “The folder “Soundflower” can’t be opened because you don’t have permission to see its contents.” —– Cameron ... (4 Comments)

Can I screen share with a pc? —– Jared Digby ... (1 Comment)

What steps are needed to use checkboxes to add my state’s sales tax for an item sold. I have three columns: “E” (Price), “F” checkboxes and “G” for Total. When a checkbox is checked in a cell in column “F”, used to add my ... (5 Comments)

Learn how to record audio coming from applications using SoundFlower and WireTap Studio. SoundFlower acts as alternative sound input and output devices on your Mac. WireTap Studio lets you record and edit sound coming from all internal sources.

Update, August 1, 2011: Apple released a security update (2011-003) on June 1 that catches and removes this trojan for Snow Leopard users. New variants appeared, but Apple updated to counter those versions as well. Lion is not threatened by this malware. So this trojan is only a threat if you have a non-updated version of Snow Leopard or Leopard. However, it seems to have disappeared as a threat.
Check out MacMost Now, episode 555: Mac Defender Trojan for a video tutorial on this problem, how to avoid it, and how to clean your Mac if you have it.
The Mac Defender trojan, also know as the Mac Protector, Mac Security or Mac Guard trojan, is a clever deception that works like this:

• The user searches for something on the web and clicks on a link. Sometimes the bad link is part of a comment left at a news site.
• The page pops up various screens and graphics to make it appear as if the web page has detected a virus on your Mac. It is all fake.
• If you click on anything on that page, including the cancel button, a you will download the malicious “Mac Defender” installer.
• If you have “Open Safe Files After Downloading” then the installer will launch and run.
• At this point the installer asks for the admin password, to get permission to install. The Mac Guard variant doesn’t ask for a password, but still asks for permission to install.
• If the user gives the password, it installs and infects the Mac.
• Fake virus scanning screens appear and declare that the Mac is infected with a virus, a credit card number is requested so that the Mac can be cleaned.

The malware can be easily thwarted at almost any step along the way. Here are ways to protect yourself.

• If you come across a page on the web that says, in any way, that you are infected with a virus, just force-quit Safari. Control+option+click on Safari in the Dock and select “Force Quit,” then confirm the force quit. Do not click any buttons on the page, even if the buttons are labeled “cancel.” A web page cannot analyze your Mac for viruses and those graphics are simply fakes.
• Make sure you set Safari to NOT “Open Safe Files After Downloading.” In Safari, go to Safari, Preferences, General and uncheck it there.
• If you have downloaded the file, don’t run it. Delete it from your Downloads folder.
• If the installer has been automatically launched, don’t give it permission to install by entering your admin password. Cancel the install and delete it from your Downloads folder.
• If you have installed it, then you must remove it. Doing so involves a few simple steps:
  • Quit the application. Do this by running Activity Monitor. Show all processes in Activity Monitor and look for Mac Defender or Mac Protector. Select and force quit any you find.
  • Go to your Applications folder and find the program there. Drag it to the trash and empty trash.
  • Check in your System Preferences, Accounts, Login Items for your current account. See if there is any Mac Defender or Mac Protector process listed. If so, remove it.

Notes

The initial fake screen that comes up looks like a Finder window with other Mac-like graphics and elements. They are all fake. Like the coyote painting a tunnel entrance on the side of rock so the road runner will smash into it.

The sites that spread the trojan are not real sites, but ones that have found their way into Google search results, usually image searches. Many have been around for some time housing the Windows version of this same trojan.

Google has a system for removing these types of malicious sites from its results, and many of the pages that spread this trojan already appear to be gone from search results.

There are reports that once installed you will not only be pestered for your credit card information, but web site windows may appear at random to demonstrate that you have a virus in hope that you will be more likely to give your credit card number.

There are no reports of this trojan causing harm to the computer or data. It only seems to seek your credit card information.

There is a legitimate piece of software called MacDefender that was created by a German software company. This trojan has no relation to that.

Back to the Mac Virus and Malware Information Center.

Many terms are used to describe malware. Some are used to describe the delivery method. Others are used to describe what the malware does.
Delivery Method Terminology
Virus: A computer virus is a piece of malware that makes a copy of itself and attempt to spread itself to other computers over a network. Viruses can infect a computer with little or no action on the user’s part. (Read more: Wikipedia)
Trojan: A trojan is malware application, or an application infected with malware, that the user downloads and installs, not realizing it can cause harm. Like the “trojan horse” it is named after, the software appears to be something else. It does not attempt to spread itself further. (Read more: Wikipedia)
Functionality Terminology
The worst malware attempts to either harm your computer, deleting data, or it tries to steal come critical information like banking numbers or account passwords. Many malware terms apply to what the malware does once it is installed.
Spyware: This would record what you are doing, such as web sites you are visiting or email you receive and report it back to a source. A keylogger is spyware that records each keystroke, perhaps obtaining passwords in the process. Often spyware is installed by the owner of the computer to spy on a user, such as an employee, parent, spouse or school authority. (Read more: Wikipedia)
Adware: This could describe any software that includes advertisements, including completely legitimate software. But sometimes viruses or trojans can show advertisements or replace web advertisements without even implied permission from the user. (Read more: Wikipedia)
Back to the Mac Virus and Malware Information Center.