Mac Defender, it's Malware!

[HR]

I have been a MAC user I started in 1992, I want to give info about Mac Defender. Do not Download it, it's Malware!
I don’t send this to poke at anything or anyone. Just a heads up on the latest issues.

http://www.zdnet.com/blog/bott/an-ap...42?tag=nl.e539

If you did download Mac Defender you can remove it with AppCleaner.
http://www.freemacsoft.net/AppCleaner/

[chick]

I was hit by the Mac Guard, a new variant of the Defender.

I thought it was strange, but wasn't sure what it was (had not known of/read any info on this malware at all), as this one automatically opened up when I opened up my browser (it was to 'yahoo.com' but redirected to an "Apple Security Alert" page - I did not click on any unknown links). It immediately started "scanning" and warning of infection and installed into my system. Honestly, it happened so fast, I didn't know what to do, so I restarted my computer (which req. pw to login). It was still there after starting back up, and I couldn't stop it. To "clean up" infected files, it required buying the software, so I knew it wasn't legit, but didn't know how to get rid of it. Apple website didn't have anything on "mac guard" (probably cuz it was a new variant) but I found it by googling.

Here is one article, http://www.csmonitor.com/Innovation/...c-malware-scam
which linked me to How to remove Mac malware

I think this malware is primarily to get credit card #'s, but does anyone know if the computer is 'ok' even after installing it, once it is uninstalled and removed from the system? I did enter my login pw after restarting, after installing the Mac Guard, and have changed it since, but I just want to make sure I didn't compromise anything...

...and if I did, what should I do?

[PN]

Hi, Chick. Sorry to read that you got bit by Mac Guard. I would recommend downloading the free trial version of ESET Cybersecurity for Mac. Do a full scan. If you are using Safari this article from PCWorld recommends the following steps:

"If you have the "Open safe files after downloading" option in Safari checked the installation process will begin automatically and the avRunner program will be installed on your Mac. This then downloads a second file package from a domain belonging to the cybercriminals behind the attack, while deleting all traces of the original installer files.

This second file is the MacGuard package, which will automatically install itself as well. It will then demand credit card details to rid your Mac of the infection.

Intego recommends unchecking the Open safe files after downloading option in Safari and if you should end up on any website that looks similar to Mac OS X's Finder window you should close the browser immediately. If the Installer opens, quit it straight away and check the Downloads folder for any unrecognized files and delete them."

So much for security by obscurity.

[Scorpion]

Quote:

Originally Posted by PN

So much for security by obscurity.

Yeah, and we knew this was coming with more people buying and using Macs. Macs are still exponentially safer than PCs, but hopefully this will get Apple to work harder to stay ahead of these assholes.

The good news is (I read this on one article) most people aren't entering credit card info, realizing it's a scam at that point.

[chick]

Hi PN. I had immediately removed the file/program just a few minutes after it was installed, but it was "on" and doing its thing for those few minutes as I scrambled to search online what this was and how to remove it. The Apple Support page gave simple instructions on how to remove. Safari preferences were changed right away too. (sidenote: Safari has been sucky lately, crashing a lot and stupid flash being a pain. will have to get chrome or firefox on here)

I was concerned about any residual 'stuff' that might still be on my mac and curious if there was any more info about this. I think my mac is ok, but you never know.... I will check out cybersecurity and see what that's about. THANKS!

[PN]

Hi, Chick. You may have noticed that Apple just released Security Update 2011 - 003 (Snow Leopard). I believe this update addresses the Mac Defender and its variants. As long as your computer is acting like it's old self then the beasties (malware) are probably gone. I have been using ESET Nod 32 on Windows for over three years. It is very lightweight and is good about not missing a virus in the wild. If I ever have to get an AV for my Mac it will be Cybersecurity. I really like Google Chrome on Windows, but not so much on the Mac. Although, Chrome does a better job with Flash. I am staying with Firefox 4 until 5 comes out at the end of June.

Scorpion, let me know you when you start using OS X Lion.

Good luck!