Mac Defender has already created headaches for many Mac users around the world, but it may be only the beginning, according to researchers at Sophos Laboratories.
Chester Wisniewski, senior security advisor at Sophos, a security firm, noted malware and viruses for Macintoshes have historically been rare. While Windows users have had to deal with them often, the very fact that Macs are a smaller part of the operating system market means hackers have not bothered to write malware or viruses.
That may be changing. Wisniewski said that researchers at Sophos think the first release of the malware might have been a proof of concept. Most Windows users have some kind of antivirus software or firewall (or both) in place because they are used to getting attacked. Mac users are not. Since most Mac users don't install much in the way of security software, writing malware for a Mac will get a better yield of vulnerable users than attacking Windows machines.
The new variant of Mac Defender malware has a new twist: it needs no administrator password to install itself on a target machine, as it bypasses the system and application folders. Instead it saves itself in the user account folder (where programs such as Word and iTunes tend to save files). By avoiding the system folders it escapes the attention of the OS when downloading.
Mac Defender is fake antivirus software (or 'scareware') that pretends to scan for viruses, when in fact it redirects the user's browser to pornographic web sites (to convince a user that the computer is infected). It then asks for credit card information to buy a license to use the software. It is not clear yet to whom the credit card information is sent.
The security firm Intego first flagged Mac Defender on its blog on May 2. The authors planted certain tags and keywords around various web sites, which made search engines display links to sites that had the malware prominently. Many users were thus directed to compromised sites that looked like a Windows machine performing a virus scan.
Apple has posted instructions for removing the Mac Defender scareware, and says it will also publish a software update that will automatically remove MAC Defender in the coming days.
To get rid of the malware once it is installed one has to launch the Activity Monitor utility. After stopping the MAC Defender process (it often has names such as MacDefender, MacSecurity or MacProtector) the malware can be taken out of the Applications folder and moved to the trash.
The simplest way to prevent it from getting installed on your computer is to make sure that the browser-whichever one you use -- does not automatically open files on downloading them.