Mac Malware Infection Spreading Fast

Source: SecurityNewsDaily

A clever and dangerous piece of malware called MacDefender has been targeting Mac users for weeks, and the problem seems to be getting worse.

"[MacDefender] has been very prevalent the last couple of weeks," an AppleCare technician told SecurityNewsDaily in a support call today (May 18). "It looks pretty real, but it's just a scam trying to trick you into giving money."

There's a real antivirus application called MacDefender, but the fake one pops up in your browser when you click on an infected website or image. It tells you your Mac is infected by malware and that you need to install the bogus software — in fact a Trojan — right away. It even asks for your administrative password if you've got one.

Once you've installed the Trojan, it demands that you pay for it with a credit card, and navigates to porn sites until you do.

Another AppleCare technician, who wished to remain anonymous, told ZDNet researcher Ed Bott that his AppleCare support center has been receiving four to five times the usual number of calls in the past few weeks.

The support calls, the AppleCare tech told Bott via email, are all about the same thing: MacDefender.

Apple's response

A post yesterday (May 17) in an AppleCare chat forum from "lindafromsandylake" exemplifies the exasperation customers are feeling when they encounter the fake MacDefender, and the subsequent frustration they face in getting Apple to help.

"Aaah! Help! Was just browsing MSN and 'Apple Security Center' popped up and told me that I am totally infected. I called Apple and the tech advised that this has been happening for the past two weeks. He told me to buy the Virus Barrier Plus from Intego for $9.99, run it and it will delete the problem. Well — NO — didn't work. I even tried the free version. Both scanned and told me that the iMac is fine."

Linda's infuriation may stem from the fact that, according to Bott's source, Apple's front office is telling AppleCare reps not to assist people in removing malware from their systems, and instead directing them to purchase third-party removal programs.

"The reason for the rule, they say, is that even though MacDefender is easy to remove, we can't set the expectation to customers that we will be able to remove all malware in the future," the AppleCare tech told Bott.

Yet a call by SecurityNewsDaily to AppleCare proved that the support reps are aware of the invasive malware problem, and admit that it is getting more serious.

"The only security updates you ever want to install," the rep told us, "are ones from Apple. Anything that pops up and says the name of any third-party application, like MacDefender or anything you've never heard of, I'd recommend not installing."

Whoever is behind this malware campaign, however, is smart enough to know that Mac users are going to be looking for genuine solutions. As noted above, among the Trojan's many aliases is "Apple Security Center." (Another common one is "Mac Protector.")

As the problem continues to spiral, third-party applications designed specifically to rid your computer of this persistent danger have been created, including one called MacDefenderKiller. And one Apple Support Communities forum includes directions from participants on how to effectively remove MacDefender from your computer.