Mac Defender (also known as Mac Protector, Mac Security, Mac Guard, Mac Shield and FakeMacDef) is a rogue internet security program that can be installed by unwitting computer users running the Mac OS X operating system. The Mac security firm Intego discovered the fake antivirus software on May 2, 2011; Apple did not provide a patch until May 31. The software has been described as the first major malware threat to the Macintosh platform (although it does not attach itself to or damage any part of OS X). However, it is not the first Mac Trojan, and it does not spread itself.
Symptoms
Users usually encounter the program when opening an image found through a search engine. It appears as a pop-up indicating that a virus has been detected on the user's computer and suggests that they download a program which, if installed, gives the user's personal information to an unauthorized third party.
The program is delivered through malicious links propagated by search engine optimization poisoning on sites such as Google Image Search. When a user follows such a link, a fake scanning window appears, initially in the style of a Windows XP application, but later in the form of an "Apple type interface". The fake program appears to scan the system's hard drive. The user is then prompted to download a file that installs Mac Defender, and is then asked to pay US$59.95 to US$79.95 for a license for the software. Instead of protecting against viruses, Mac Defender hijacks the user's Internet browser to display sites related to pornography, and also exposes the user to identity theft (by forwarding credit card information to the cracker). Newer variants install themselves without the user entering a password. All variants require the user to actively click through the installer to complete the installation, even if no password is required.
Origin
The software has been traced, through a German website that has since been closed, to the Russian online payment processor ChronoPay. Mac Defender was traced to ChronoPay via the email address of ChronoPay's financial controller, Alexandra Volkova. The email address appears in the domain registrations for mac-defence.com and macbookprotection.com, two websites to which Mac users are directed to purchase the security software. ChronoPay is Russia's largest online payment processor. The website was hosted in Germany and was suspended by the Czech registrar Webpoint.name. ChronoPay has previously been linked to other frauds in which users involved in file sharing were asked to pay a fine.
Apple Response
According to Sophos, by May 24, 2011, there had already been sixty thousand calls to AppleCare technical support on issues related to Mac Defender, and Ed Bott of ZDNet reported that the number of calls to AppleCare increased in volume due to Mac Defender and that most calls at that time pertained to Mac Defender. AppleCare employees were told not to assist callers in removing the software. In particular, support personnel were told not to instruct callers on how to use Force Quit and Activity Monitor to stop Mac Defender, and not to direct callers to discussions related to problems caused by Mac Defender. An anonymous AppleCare support employee said that Apple instituted the policy to prevent users from relying on technical support rather than anti-virus programs.
AppleCare employees were told not to assist callers in removing the software, but Apple later promised a software patch. On May 24, 2011, Apple issued instructions on malware prevention and removal. Mac OS X Security Update 2011-003 was released on May 31, 2011, and includes not only automatic removal of the trojan and other security updates, but also a new feature that automatically updates Apple's malware definitions.
Mac Guard variant
A new variant of the program, Mac Guard, has been reported that does not require users to enter a password to install the program, although the user still needs to run the installer.
See also
- Leap (computer worm)
- Trojan BackDoor.Flashback
- Fakeflash
References
Source of the article: Wikipedia