May 2, 2011 at 11:46 AM ET
It's not unusual for a new malware attack to pop up on the Internet every other moment, but the latest vicious bit of software floating around is particularly fascinating because it specifically targets Mac users.
The Next Web reports that a malware version of the popular MacDefender antivirus application is confusing and infecting a great number of Mac users right now:
Early reports show that users have been targeted as they search Google Images, one user stating that the bogus MacDefender application was automatically downloaded as he browsed images of Piranhas. Further searching through the Apple Discussion boards suggests that the malware campaign is targeting users of Apple’s Safari browser, displaying warnings that the user’s computer has been infected with viruses that only the unofficial MacDefender application can remove.
Part of the reason many are being easily infected by the malware is that Safari — the default browser in Mac OS — can be set to automatically open trusted software. This means that users are getting infected without even a hint of what's happening until the malicious app demands payment for "protection" like a digital mob boss.
The good news? So far it doesn't appear that the malicious MacDefender app does much, other than attempt to scare people into forking over their credit card numbers. It can even be easily removed:
- To ensure you do not automatically download the app, uncheck the following: Safari > Preferences > General > uncheck "Open 'safe' files after downloading."
- Searching for the application and deleting it directly may fail, saying the app is in use. To stop it running, check Activity Monitor (in Applications > Utilities) and disable anything that relates to MacDefender.
- Look in /Library/StartupItems and, same place, LaunchAgents and LaunchDaemons for references to the malware app.
- Once quit, head to the Applications folder and drag the MacDefender app to the trash, then delete trash.
- To ensure all references to the app are cleared, run a search using Spotlight and delete all MacDefender references you find.
As a precaution, it would be wise for Safari users to toggle the "Open 'safe' files after downloading" setting whether they're infected or not. It could prevent attacks similar to this one.
Related stories:
- Apple's Steve Jobs responds to iPhone tracking questions
- iPhone tracks you, even with location feature disabled
- Twitter users spread 'Unfollowed Me' virus
Rosa Golijan writes about tech here and there. She's a bit obsessed with Twitter and loves to be liked on Facebook.