Mac Defender

Mac Defender (also known as Mac Protector, Mac Security, Mac Guard, Mac Shield, and FakeMacDef) is an internet rogue security program that targets computers running macOS. The Mac security firm Intego discovered the fake antivirus software on 2 May 2011, with a patch not being provided by Apple until 31 May. The software has been described as the first major malware threat to the Macintosh platform (although it does not attach to or damage any part of OS X). However, it is not the first Mac-specific Trojan, and is not self-propagating.

A variant of the program, known as Mac Guard, has been reported which does not require the user to enter a password to install the program, although one still does have to run the installer.

Symptoms

Users typically encounter the program when opening an image found on a search engine. It appears as a pop-up indicating that viruses have been detected on the user's computer and suggests they download a program which, if installed, provides the user's personal information to unauthorized third parties.

The program appears in malicious links spread by search engine optimization poisoning on sites such as Google Image Search. When a user accesses such a malicious link, a fake scanning window appears, originally in the style of a Windows XP application, but later in the form of an "Apple-type interface". The program falsely appears to scan the system's hard drive. The user is then prompted to download a file that installs Mac Defender, and is then asked to pay US$59.95 to US$79.95 for a license for the software. Rather than protect against viruses, Mac Defender hijacks the user's Internet browser to display sites related to pornography, and also exposes the user to identity theft (by passing on credit card information to the cracker). A newer variant installs itself without needing the user to enter a password. All variants require the user to actively click through an installer to complete installation even if a password is not required.

Origin

The software has been traced through German websites, which have been closed down, to the Russian online payment processor ChronoPay. Mac Defender was traced to ChronoPay by the email address of ChronoPay financial controller Alexandra Volkova. The email address appeared in domain registration for mac-defence.com and macbookprotection.com, two web sites Mac users are directed to in order to purchase the security software. ChronoPay is Russia's largest online payment processor. The web sites were hosted in Germany and were suspended by Czech registrar Webpoint.name. ChronoPay had earlier been linked to another scam in which users involved in file sharing were asked to pay a fine.

Apple response

According to Sophos, by 24 May 2011, there had been sixty thousand calls to AppleCare technical support about Mac Defender-related issues, and Ed Bott of ZDNet reported that the number of calls to AppleCare increased in volume due to Mac Defender and that a majority of the calls at that time pertained to Mac Defender. AppleCare employees were told not to assist callers in removing the software. Specifically, support employees were told not to instruct callers on how to use Force Quit and Activity Monitor to stop Mac Defender, as well as not to direct callers to any discussions pertaining to the problems caused by Mac Defender. An anonymous AppleCare support employee said that Apple instituted the policy in order to prevent users from relying on technical support instead of anti-virus programs.

AppleCare employees were told not to assist callers in removing the software, but Apple later promised a software patch. On 24 May 2011 Apple issued instructions on the prevention and removal of the malware. The Mac OS X security update 2011-003 was released on 31 May 2011, and includes not only an automatic removal of the trojan, and other security updates, but a new feature that automatically updates malware definitions from Apple.

See also

Leap (computer worm)
Fakeflash

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.