Update, August 1, 2011: Apple released a security update (2011-003) on June 1 that catches and removes this trojan for Snow Leopard users. New variants appeared, but Apple updated to counter those versions as well. Lion is not threatened by this malware. So this trojan is only a threat if you have a non-updated version of Snow Leopard or Leopard. However, it seems to have disappeared as a threat.
Check out MacMost Now, episode 555: Mac Defender Trojan for a video tutorial on this problem, how to avoid it, and how to clean your Mac if you have it.
The Mac Defender trojan, also know as the Mac Protector, Mac Security or Mac Guard trojan, is a clever deception that works like this:
- The user searches for something on the web and clicks on a link. Sometimes the bad link is part of a comment left at a news site.
- The page pops up various screens and graphics to make it appear as if the web page has detected a virus on your Mac. It is all fake.
- If you click on anything on that page, including the cancel button, a you will download the malicious “Mac Defender” installer.
- If you have “Open Safe Files After Downloading” then the installer will launch and run.
- At this point the installer asks for the admin password, to get permission to install. The Mac Guard variant doesn’t ask for a password, but still asks for permission to install.
- If the user gives the password, it installs and infects the Mac.
- Fake virus scanning screens appear and declare that the Mac is infected with a virus, a credit card number is requested so that the Mac can be cleaned.
The malware can be easily thwarted at almost any step along the way. Here are ways to protect yourself.
- If you come across a page on the web that says, in any way, that you are infected with a virus, just force-quit Safari. Control+option+click on Safari in the Dock and select “Force Quit,” then confirm the force quit. Do not click any buttons on the page, even if the buttons are labeled “cancel.” A web page cannot analyze your Mac for viruses and those graphics are simply fakes.
Make sure you set Safari to NOT “Open Safe Files After Downloading.” In Safari, go to Safari, Preferences, General and uncheck it there.- If you have downloaded the file, don’t run it. Delete it from your Downloads folder.
- If the installer has been automatically launched, don’t give it permission to install by entering your admin password. Cancel the install and delete it from your Downloads folder.
- If you have installed it, then you must remove it. Doing so involves a few simple steps:
- Quit the application. Do this by running Activity Monitor. Show all processes in Activity Monitor and look for Mac Defender or Mac Protector. Select and force quit any you find.
- Go to your Applications folder and find the program there. Drag it to the trash and empty trash.
- Check in your System Preferences, Accounts, Login Items for your current account. See if there is any Mac Defender or Mac Protector process listed. If so, remove it.
Notes
Back to the Mac Virus and Malware Information Center.
Many terms are used to describe malware. Some are used to describe the delivery method. Others are used to describe what the malware does.
Delivery Method Terminology
Virus: A computer virus is a piece of malware that makes a copy of itself and attempt to spread itself to other computers over a network. Viruses can infect a computer with little or no action on the user’s part. (Read more: Wikipedia)
Trojan: A trojan is malware application, or an application infected with malware, that the user downloads and installs, not realizing it can cause harm. Like the “trojan horse” it is named after, the software appears to be something else. It does not attempt to spread itself further. (Read more: Wikipedia)
Functionality Terminology
The worst malware attempts to either harm your computer, deleting data, or it tries to steal come critical information like banking numbers or account passwords. Many malware terms apply to what the malware does once it is installed.
Spyware: This would record what you are doing, such as web sites you are visiting or email you receive and report it back to a source. A keylogger is spyware that records each keystroke, perhaps obtaining passwords in the process. Often spyware is installed by the owner of the computer to spy on a user, such as an employee, parent, spouse or school authority. (Read more: Wikipedia)
Adware: This could describe any software that includes advertisements, including completely legitimate software. But sometimes viruses or trojans can show advertisements or replace web advertisements without even implied permission from the user. (Read more: Wikipedia)
Back to the Mac Virus and Malware Information Center.
Apple issued updates for iPhoto and Apple TV 2 this week. Both updates fixed some bugs. In iPhoto, merged events will no longer split up again when synced to an iPhone. On the Apple TV, 2 a variety of video and audio issues were addressed.
Apple and two app makers have been hit with a lawsuit over privacy. The suit claims that the unique phone ID is being used to track individuals and serve advertisements. It appears that those two app makers were specifically targeted only because they were mentioned in a Wall Street Journal article about user tracking.
Apple has reportedly decided this week to not use its advertising network, iAd, on apps meant for kids. A message to one developer said this was at the request of advertisers. This may leave some app creators without a source of revenue for apps they have spent time and money developing.
Microsoft has made a deal to buy Internet telephone company Skype from eBay. This alarmed many Mac and iOS users, fearing that they may lose support. But Microsoft issued a statement saying they plan to continue to support non-Microsoft platforms.
If you hold down the Option key and press the brightness keys (F1 and F2) it will bring up the System Preferences, Displays pane. You may need to hold down the “fn” key too, depending on your keyboard settings. You can also get the Expose & Spaces pane with Option+F3, and the Sound pane with the two volume keys (F11 and F12). Older keyboards will work slightly differently, so experiment.
Its fun to have a lot of your music on your iPhone and to be able to jump from song to song at a party, in the car or wherever. But when you want to do something better than cutting off one song to go to another, look into some of the cheap live mixing apps like djay. With this you can fade one song into another, match beats, play with loops and scratching, and so on. Lots of fun with your iPod music library. There’s even an automatic mode that is a better way to listen to your playlists and shuffle than the built-in iPod app.
“My new toaster has an App Store. For 99 cents I can get an app that burns a picture of Elvis into the toast. For $2.99 it will tweet when the toast is done.”
In addition to setting the background image of the desktop, you can also set the background of a folder to an image or color. Open the folder in the Finder. Set the view to “as Icons.” Then choose View, Show View Options. You should see a Background setting which you can change from White to Color or Picture. Set it to Picture and drag and drop any image into the “Drag image here” area.
Doodle God is a strange game of discovery. You start by combining two elements to make a new element, like earth and fire make lava. Then you continue to combine elements to build new ones until you end up with complex creations. Oddly addictive, definitely different.
Apple updated the entire iMac line with new processors, ports, camera and graphics. The new iMacs went on sale on Tuesday with essentially the same exterior design, but new internal parts. There are 21.5-inch and 27-inch screen models.
All of the iMacs now feature quad-core Intel Core i5 processors as standard, with options to get an i7 as well. In addition, they all have the new high-speed Thunderbolt ports that support an external screen as well as hard drives and video equipment. The graphics chips range from the AMD 6750M to the AMD 6970M. The built-in camera is now 720p HD.
“The new MacBook Air weighs -3 ounces. Would you like me to get one down from the ceiling for you?”
I often use my iPhone to take pictures of pages or documents. It is easier than writing notes, or bringing a scanner with me. The different between using the Camera app and Genius Scan+ is that Genius Scan+ will usually recognize the border of the document and adjusts the perspective to make the document flat, as if it was scanned, even if I took the picture at an angle. Even when it doesn’t get it right, it allows me to adjust the corners so I can make it better. You can export single pages as jpeg images, and multiple pages as PDFs. You can send to services like Dropbox, Google Docs and Evernote too.
If you ever find yourself browsing over a slow connection, and you want to get to information quickly, try turning off images in Safari. Go to Safari Preferences, Appearance, and then uncheck “Display images when the page opens.”
Unfortunately, there is no way to then ask Safari to load the images. But you can leave the Appearance preferences window open, and then check the box and reload the page if you want to see the images. Or, Control+click on a specific image and open it in a new tab or window.
Since the reporting last week that iPhones keep a record of location data, information and misinformation has been inundating the tech news world. This week Apple responded to the reports.
Turns out that iPhones have been keeping cache of cell phone tower positions, not tracking your exact location. And this information is stored on your iPhone and backed up to your computer along with everything else on your iPhone. But it is not sent to Apple or anyone else. The data apparently helps speed up location determination used by apps.
