Mac Malware Threat: May 18 update
Some of you will have been aware that there is a significant Mac “Malware” — that is to say, Malicious Software — on the loose. It has been most widely distributed by Google Images searches, which may have simmered down by now as I believe Google has taken appropriate steps, but it can attack from just about any web site that has been hacked to host the infection, and reports of infections are still widespread.
This article quotes an Apple support employee who offers some very significant insights. That being said, in my opinion the reporting here is horribly flawed: the author made no attempt to cross-reference the information obtained, did no research beyond a single-source interview, and on top of that the interview is anonymized (to protect the Apple employee). Together, these factors would have yielded a failing grade for the article in my junior college journalism class of yesteryear; the craft of journalism has suffered since then. Be that as it may, Mac users would do well to be aware of this threat.
The takeaways are these:
1) Do NOT believe any WEB-BASED alert that indicates that you have a virus or other infection. The ONLY alert you should believe to this effect is one from a real anti-virus program that you intentionally installed and keep maintained.
2) Mac Defender is BOGUS. “Apple Security” is BOGUS. If you get solicited on the Internet for either of these, they can be VERY persistent, downloading even if you hit “Cancel.” In some cases, attempting to get away from the bogus infected site can cause “unsavory images” (I think they mean porn) to appear on your screen, as supposed evidence of the infection.
If you get hit with such a site, force-quit the browser (Safari or Firefox) by choosing “Force Quit…” under the Apple menu. This will get you away from the malware, and any naughty pictures it might load.
3) If the software is downloaded, it may (depending on your system settings) attempt an auto-install. If it does, just quit the installer (and throw the download away out of your downloads folder). If you click through the installer it will ask for your Admin password. DON’T GIVE IT THE PASSWORD and it cannot do any harm.
4) Some versions of this thing (there are quite a few already, all based on the same scheme) attempt to extract your credit card info by having you attempt to “purchase” the software. Apparently, after you put in your card information, the server will “decline” the card and encourage you to try another — a clever way to steal multiple credit cards from you. IF THIS HAPPENED TO YOU, ASSUME YOU HAVE BEEN ROBBED and IMMEDIATELY call your bank(s) and alert them. Like, right now.
5) If you installed any version of this thing, please call me for assistance in removing it. Because there are many versions of it out there, there is some possibility that other harm could come of such an infection. Please minimize your use of the computer, and call me right away at 415 479 2931. I’ll take care of you. If you’re a do-it-yourselfer, start with this article for info on how to remove it. Please understand that this is not a complete solution, however.
Finally, if anyone reading this can point me to a reproducible way to encounter this Malware, I’d be appreciative as I haven’t been able to play with it myself yet.
2 Responses to “Mac Malware Threat: May 18 update”
Most people have heard of a Computer Virus. Many assume Macs cannot get these things (and in fact, your likelihood of getting any Malware on a Mac, even now, is much lower than on any Windows PC).
The term “Malware” means “malicious software”, and includes Viruses, Trojan Horses, Spyware, Adware, and ScareWare (and possibly other things as well; it’s a general description for evil software).
– a “Virus” is a program that adds itself to your computer’s operating system or eMail system or browser, etc., to do some kind of harm. Often, they self-replicate, for example, by sending eMail to your contacts. One does not have to “do anything” to contract a virus, once exposed. There are still virtually no “viruses” for Mac.
– a “Trojan Horse” is a program that the user downloads and runs, thereby releasing some form of harm. Usually people are tricked into running these programs, by a promise of some ostensibly desired outcome, be it naughty celebrity pictures, free beer coupons, or whatever.
– “Spyware” is software — typically browser based — that spies on your online activities, and sends the information to someone else. Sometimes this is relatively benign, supporting an advertiser or some such; other times it is dangerous. For example, one form of Spyware is a “key logger.” These programs record everything you type — including passwords — and send it off to the miscreant on a regular basis. Spyware is always bad for privacy, whether it is “officially” placed there by a “reputable” software company, or by a plain and simple thief.
– “Adware” puts extra advertising on your computer, can re-direct web pages to advertiser-oriented sites, and generally overlaps with “Spyware” inasmuch as it sends info to the “advertiser.” Reputable firms do not use “Adware.” Although it is obnoxious and can cause secondary problems for computer users, it isn’t necessarily criminal in intent. Often, the sole aim of adware is to artificially inflate the “page view” counts for otherwise legitimate ads by opening lots of extra ad windows on your computer, since the page owners are paid by the number of times their ads are displayed on screen. The actual advertisers may be unaware of what is happening, and rarely authorize such schemes.
– “ScareWare” is any program that attempts to frighten the user into making a purchase. MacDefender fits this category, inasmuch as it attempts to convince the user to buy something to solve a “problem” that the scareware “detects.” In reality, these programs are a self-fulfilling prophecy; once you make the purchase, *then* you have the problem. On the PC side, there are some lovely “anti virus” scareware programs that will literally render the computer useless online until the user surrenders a credit card. MacDefender does NOT do this; if you don’t give it your password, the worst it can do is open a few windows in your browser to naughty pictures.
If you have any concerns about any of these possibly running on your Mac, let’s talk.
For those users who would like to run a bona fide reputable Antivirus program to protect against this and other Malware attacks, Creative Goose recommends Sophos Anti-Virus. The Home Edition is free, whereas corporate users are asked to license a paid version for a few bucks per user per year.
Free home version:
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
Corporate version:
http://www.sophos.com/en-us/products/endpoint/anti-virus.aspx
Finally… in the what NOT to buy department…. IMHO Intego is engaging in an unsavory business practice by fanning the current Mac Malware flames in order to boost sales. They are all over the Internet on this one. Therefore, I have ceased recommending their VirusBarrier product for the time being; I have previously used the product and found it to be good.
Norton-branded tools for Mac are explicitly NOT recommended by me or my company any more, as they have become classic bloatware and are overpriced. Peter Norton himself hasn’t been involved with that firm for decades; Symantec just milks his name and puts out crappy product, at least for Mac. That being said, if you have a currently updated version of this, it should be able to protect against MacDefender.