MACDefender Poses Malware Threat

Earlier this morning, antivirus software company Intego posted an article detailing a new malware threat for OS X users. This malicious software—masquerading as “MACDefender”—targets users through Safari via SEO poisoning attacks. Essentially, when a user clicks a rigged link in a set of search results, they are redirected to a page containing JavaScript that automatically downloads a compressed file.

This malware presents the greatest threat to users who have enabled the option for their browser to automatically open “safe” files. Upon downloading, the malware will automatically open and infect the machines of any users with this browser configuration. It is worth noting, however, that by default Mac OS X prompts users whenever a downloaded application attempts to open or install itself. If you ever see an application you haven’t explicitly elected to download, deny it permission to open, and under no circumstances provide it your administrator password.

If you have enabled the option for Safari to automatically open downloaded applications, there is a chance—though slim—that your machine has been infected. MACDefender installs silently and with nothing more than a click on a deceitful link. If you believe the malware has been installed on your machine, Mac Rumors recommends taking the following precautions:

  • Open Applications > Utilities > Activity Monitor and quit any processes linked to MACDefender.
  • Delete MACDefender from the Applications folder.
  • Check System Preferences > Accounts > Login Items for suspicious entries.
  • Run a Spotlight search for “MACDefender” to check for any associated files that might still be lingering.
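The same four checks can be run read-only from Terminal. This script is an added example, not from Intego or the original post: only the name “MACDefender” comes from the article, while the function names, the `~/Applications` folder check and the Safari `AutoOpenSafeDownloads` preference read are assumptions of this sketch. It reports matches and deletes nothing.

```shell
#!/bin/sh
# Added example: read-only triage mirroring the four manual steps above.
# Only the name "MACDefender" comes from the article.
NAME="${NAME:-MACDefender}"

# Step 1: filter a process listing on stdin for NAME (case-insensitive).
match_processes() { grep -iF -- "$NAME" || true; }

# Step 2: list entries directly inside an applications folder that contain NAME.
find_app_bundles() {
    find "${1:-/Applications}" -maxdepth 1 -iname "*${NAME}*" 2>/dev/null
}

# Step 3: split a comma-separated login item list on stdin, keep matches.
match_login_items() {
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -iF -- "$NAME" || true
}

# Print one labelled line per finding; succeed only if there was a finding.
report() {
    [ -n "$2" ] || return 1
    printf '%s\n' "$2" | sed "s/^/[$1] /"
}

# Run every check against the live system. Returns 1 if anything matched.
triage() {
    hits=0
    report process "$(ps -axo pid=,comm= | match_processes)" && hits=1
    report app "$(find_app_bundles /Applications; find_app_bundles "$HOME/Applications")" && hits=1
    report login-item "$(osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null | match_login_items)" && hits=1
    # Step 4: Spotlight search by file name.
    report spotlight "$(mdfind -name "$NAME" 2>/dev/null)" && hits=1
    # The risk condition from the article: Safari opening "safe" files itself.
    echo "[safari] AutoOpenSafeDownloads = $(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || echo unset)"
    return "$hits"
}

# The live checks need macOS tools, so skip them elsewhere.
if [ "$(uname -s)" = "Darwin" ]; then triage; fi
```

An exit status of 1 means at least one check matched; review each reported line by hand before removing anything.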

Although these steps will effectively disable and remove MACDefender in the interim, Intego is further investigating the most efficient and complete means of removal. The company will post its findings on its blog shortly. As the number of Mac users who have consciously visited Safari preferences and enabled the “auto open” option is on the lower side, Intego has associated a low threat level with the malware. However, it may behoove you to run—at the very least—a quick Spotlight search for any traces of MACDefender. To be as savvy as possible against attacks such as these in the future, refrain from ever offering a suspicious application your admin password, and keep a regular Time Machine backup.
