Mac Defender (also known as Mac Protector, Mac Security, Mac Guard, Mac Shield, and FakeMacDef) is an internet rogue security program that targets computers running macOS. The Mac security firm Intego discovered the fake antivirus software on 2 May 2011, with a patch not being provided by Apple until 31 May. The software has been described as the first major malware threat to the Macintosh platform (although it does not attach to or damage any part of OS X). However, it is not the first Mac-specific Trojan, and is not self-propagating.

A variant of the program, known as Mac Guard, has been reported which does not require the user to enter a password to install the program, although one still does have to run the installer.

Symptoms

Users typically encounter the program when opening an image found on a search engine. It appears as a pop-up indicating that viruses have been detected on the users' computer and suggests they download a program which, if installed, provides the users' personal information to unauthorized third parties.

The program appears in malicious links spread by search engine optimization poisoning on sites such as Google Image Search. When a user accesses such a malicious link, a fake scanning window appears, originally in the style of a Windows XP application, but later in the form of an "Apple-type interface". The program falsely appears to scan the system's hard drive. The user is then prompted to download a file that installs Mac Defender, and is then asked to pay US$59.95 to US$79.95 for a license for the software. Rather than protect against viruses, Mac Defender hijacks the user's Internet browser to display sites related to pornography, and also exposes the user to identity theft (by passing on credit card information to the cracker). A newer variant installs itself without needing the user to enter a password. All variants require the user to actively click through an installer to complete installation even if a password is not required.

Origin

The software has been traced through German websites, which have been closed down, to the Russian online payment ChronoPay. Mac Defender was traced to ChronoPay by the email address of ChronoPay financial controller Alexandra Volkova. The email address appeared in domain registration for mac-defence.com and macbookprotection.com, two web sites Mac users are directed to in order to purchase the security software. ChronoPay is Russia's largest online payment processor. The web sites were hosted in Germany and were suspended by Czech registrar Webpoint.name. ChronoPay had earlier been linked to another scam in which users involved in file sharing were asked to pay a fine.

Apple response

According to Sophos, by 24 May 2011, there had been sixty thousand calls to AppleCare technical support about Mac Defender-related issues, and Ed Bott of ZDNet reported that the number of calls to AppleCare increased in volume due to Mac Defender and that a majority of the calls at that time pertained to Mac Defender. AppleCare employees were told not to assist callers in removing the software. Specifically, support employees were told not to instruct callers on how to use Force Quit and Activity Monitor to stop Mac Defender, as well as not to direct callers to any discussions pertaining to the problems caused by Mac Defender. An anonymous AppleCare support employee said that Apple instituted the policy in order to prevent users from relying on technical support instead of anti-virus programs.

AppleCare employees were told not to assist callers in removing the software, but Apple later promised a software patch. On 24 May 2011 Apple issued instructions on the prevention and removal of the malware. The Mac OS X security update 2011-003 was released on 31 May 2011, and includes not only an automatic removal of the trojan, and other security updates, but a new feature that automatically updates malware definitions from Apple.

See also

Leap (computer worm)
Fakeflash