MAC Defender

from Wikipedia, the free encyclopedia

MAC Defender (also Mac Defender, Mac Security, Mac Protector, Mac Guard and Mac Shield) was malware for the Mac OS X operating system that was active in May and June 2011. It was a scareware Trojan that could spread only with the help of the user. Still, MAC Defender was the first widespread malware for Mac OS X.

Symptoms

The program appears in malicious links that are spread through index spamming via sites such as Google Image Search. If a user opens such a malicious link, a warning message about a virus attack appears on the computer. Initially, this warning was in the style of Windows XP, but it was later replaced by a style typical of Mac OS X. The website claims to have scanned the system hard drive and discovered viruses. The user is then asked to install MAC Defender, which pretends to be an anti-virus program. To simulate a malware infection, MAC Defender randomly opens porn sites in the browser after installation. To remove this simulated malware, the user is then supposed to buy a license at a price between $59.95 and $79.95. In addition, the credit card details entered are passed on through illegal channels.

Development

The security software company Intego first reported on the purported antivirus program MAC Defender on May 2, 2011.

New variants

In the days that followed, several new variants of the malware appeared under the names Mac Security or Mac Protector.

A variant that appeared at the end of May under the name Mac Guard is installed in the user directory of the logged-in user, so that no password is required for installation. However, the user still has to manually confirm the installation. Several variants of this also appeared in the following days, some under the name Mac Shield.

Reaction from Apple

ZDNet blogger Ed Bott reported that the number of support calls was four to five times higher than usual. He estimated that by May 24, 2011, i.e. within just under three weeks, AppleCare support had received around 60,000 calls regarding the MAC Defender issue. According to Bott, the support staff were instructed not to provide any assistance in removing the malware. According to an unnamed support person, this rule was intended to prevent users from turning to technical support instead of using anti-virus software.

On May 24, 2011, Apple published a guide on how to prevent and remove the malware. On May 31, 2011, Apple released a security update for Mac OS X, which removes the Trojan from infected Macs and extends Mac OS X to include an automatic update of the malware definitions.

Investigation

Several new variants of the malware appeared by June 18, to which Apple responded with daily updates to the malware definitions. This development ended after Russian police raided the premises of ChronoPay, the Russian payment service provider responsible for MAC Defender and a number of similar programs, on June 23.

The origin of the software was traced back to the email address of ChronoPay's accountant. This address was used to register several websites to which users were directed to buy the supposed anti-virus software.
