Serious Mac "malware" threat...

I want to let everyone know about a threat to Mac users that has recently cropped up, and is starting to hit the news sites as well. So far, there are at least three variants: "MAC Defender", "Mac Protector" and "Mac Security". The threat is being reported as a virus, but technically, it's not. The more accurate term for it is "scareware", as it's simply designed to scare users into thinking they've been infected with a virus. It's devious and nasty in its techniques, but the (sort of) good news (sort of) is that it poses no threat to the data on your computer. If someone falls for it completely, however, they could end up compromising a credit card, so don't take this lightly. For details, read on...

The threat starts when you stumble onto a 'poisoned' website, and a pop-up window of some sort will appear that says your computer has been found to be virus-infected. The secret of the threat is that a bit of javascript code on the website has already initiated a download, and in a very short time (if your computer is configured as most are by default [see below[*]), you'll be presented with an installer window, which asks for your administrator password in order to proceed. If you're really paying attention, you'll decline that request, and the threat will be averted. But, if you go ahead and enter your password (as most of us probably would, thinking the threat is real and worrying about the consequences), the threat really takes off...

The next step in the nastiness is that you'll be presented with a fake anti-virus program interface, and it will proclaim to have found one or more viruses on your system. [This is a good time to interject that there still are no known true viruses out there that can attack Mac OS X.] For the few folks that I've spoken to that have experience the issue, the next step is what finally triggers a "wait a minute" moment... The 'program' then asks for you to enter your credit card info to be charged something like $60 to fully install the 'program' and thus rid yourself of the virus(es). Fortunately, all the folks I've spoken to have been sufficiently wary of blindly giving out any sort of private info, especially credit card/bank account numbers. DON'T DO IT!

Of course, at this point, the nastiness escalates. The fake program has been installed in such a way that it has no apparent way to be quit it, as well as having added itself to your login items (remember, you gave it your admin password?), so will start up automatically every time you restart your computer. To top it all off, if you don't pay up, it will automatically open your browser to some awful porn sites on a random basis, in an attempt to further scare you into paying up... Ugh.

Hopefully this email, and other news stories you may have already seen or been alerted to, will serve to keep you from falling prey to the hoax. If, on the other hand, you've been bitten, and need to know how to eliminate the nastiness, here's how to do it:

1) First off, as I said above, please don't be scared into actually giving them a credit card number! If you already did, call your CC company right away and alert them to the charge and cancel the card immediately;

2) The only way to delete the program (whichever version is installed: MAC Defender, Mac Protector or Mac Security), is to do the following:
• Go into your Applications folder, locate the Utilities folder, find the Activity Monitor program and open it (you can also try clicking this link);
• Once in Activity Monitor, find the pop-up-menu at the top of the window that says "My Processes" and change that to "All Processes";
• Find the name of your nemesis in the list of processes, select it, and click "Quit Process", then click "Force Quit";
• Quit Activity Monitor, go back to your Applications folder and find the offending program; move it to the Trash (being careful not to double-click it!), and then empty the Trash.
• Restart your computer, just to be sure you've cleaned it out...

3) Whew, it's gone! *One last step. For protection in the future, assuming you're using Safari as your default browser, go into Safari's preferences, and under the General tab, uncheck the box at the bottom there that's labeled "Open "safe" files after downloading". If there's anything we've learned from this whole ordeal, it's that it just isn't possible to let a program make assumptions about what a "safe" file is anymore!!

As always, if you have any trouble understanding any of this, or figuring out how to rid yourself of the threat, please feel free to give me a call. I'll do my best to help!

Of course, a big question that arises out of all of this is this: "Is it time to buy & install some sort of Anti-virus software on my Mac??" Here's my take (and it's also that of several online "experts"): I really don't think so. Of the many programs available for the Mac right now, only one would've detected the problem at the outset if you'd had it installed. That's mostly because it's not a true virus, as I explained earlier. I've always said that this type of threat was what all computer users would have to be most vigilant about in the future, because it's the easiest way to gain access to someone's computer. In short, the Trojans were very clever all those hundreds of years ago, and hackers are still benefitting from that knowledge! Instead of the relying on AV software, I still believe that the best investment to protect yourself from ALL types of computer problems (software/hardware malfunction as well as 'malware') is to have a robust backup system. If you're running a business from your computer, it should be a strongly redundant system as well!

Still, for those of you who would still like the peace of mind that comes from running some sort of anti-virus software, here are a few good products to explore:

Just make sure you've got a good backup as well!

Also, if you'd like to read up in more detail about this threat, here are a few links: