Everything you need to know about Mac scareware

Gregg Keizer | May 26, 2011
How to spot fake Mac security software, how to get rid of it and what to do to stay safe.

So how do Macs get infected with things like MacDefender? Easy: the attackers dupe users into doing the job for them.

The group behind MacDefender entices victims to malicious sites, where a Web page that looks like the Mac Finder appears, runs a phony virus scan, then claims that the machine is infected with dozens of Trojans. When the unsuspecting user clicks the "OK" button, MacDefender downloads to the Mac.

Such social engineering-style attacks are commonplace on Windows, but have been rare on Macs. Looks like that party is over.

Okay, so I fell for the ruse. What happens next? Once it's downloaded, MacDefender automatically pops up an install screen on Macs where Safari is running.

If you used another browser to download the scareware -- Firefox or Chrome, for instance -- the criminals rely on you to find the just-obtained installation package in the browser's download destination and click on it.

Next you'll see a typical Mac installation process. (In earlier versions you had to enter your administrator password, but that requirement's been eliminated in the most recent version, dubbed "MacGuard.")

Once MacDefender's fooled you into installing it, the scareware runs another scan and drops numerous alerts on the screen, all part of the scam to make you think your Mac is infected.

To remove the "infections," you have to pay up by entering your credit card information.

I'm not completely stupid ... I just won't pay up. What happens then? MacDefender -- which also goes by names like MacSecurity, MacProtector and now, MacGuard -- duns you with those irritating pop-ups, flashes an icon in the menu bar, and worst of all, opens pornographic pages in your browser every few minutes.

That last is a new twist to spur you to pay for the scareware.

"We think they're doing this because most people will assume that that means they've got a virus on their Mac, and they need to get rid of it by paying for the program," said Peter James of Mac-only security software maker Intego in an interview earlier this month.

MacDefender automatically runs each time you start your Mac, so you can't get rid of it by restarting or shutting down the machine.

So it's here to stay? Isn't there a way to get rid of it? Yes, you can scrub your Mac manually.

Earlier this week, Apple finally acknowledged the MacDefender scareware campaign by posting a support document on its site. That document spells out the removal steps you should take.

Can't the Mac remove this itself? Not yet. But Apple's promised an update to Mac OS X 10.6, aka Snow Leopard, that will.

 
