Teamspeed.com


Pinned 05-16-2011 12:16 AM

Malware alert: MAC Defender
 
I didn't see anything about this yet, but I've had a few clients with this software on their machines. So I figured I'd post this link discussing MAC Defender (the latest attempt at malware on the Mac), which also includes some instructions on how to remove it.

Remove Mac Defender (Uninstall Guide)

Even after removing it manually I've run a scan with ClamXav (linked here) on some machines, which will sometimes find and remove a few remnants of the software.

Hope none of you guys get infected/give the software your information. But hopefully this helps just in case.

Simba 05-16-2011 11:19 PM

One would have to be quite exceedingly silly to install such software. As such, exploit by user error is one of the few ways the OS can be compromised.

If you were silly enough to do so, you're better off reinstalling, recovering your data, and not doing that again.

HarveyMushman 05-17-2011 12:12 AM

Damn- I was expecting a thread about a Land Rover Defender tuned by Martino Auto Concepts. I am disappoint!

Pinned 05-17-2011 02:59 AM


Originally Posted by Simba (Post 965635)
One would have to be quite exceedingly silly to install such software. As such, exploit by user error is one of the few ways the OS can be compromised.

If you were silly enough to do so, you're better off reinstalling, recovering your data, and not doing that again.

The preconceived notion of safety on the Mac means that a lot of people will simply type in their password whenever prompted. I've seen it happen a few times in the last week.

Due to the simplistic nature of this piece of malware (and its subsequent ease of removal) there is no reason to reinstall. It isn't like Windows malware, which can cause all sorts of hidden issues.

Just figured this thread would help if anyone or their friends/family were to accidentally install this stuff.

Simba 05-17-2011 08:21 AM


Originally Posted by Pinned (Post 965749)
The preconceived notion of safety on the Mac means that a lot of people will simply type in their password whenever prompted. I've seen it happen a few times in the last week.

Apple has gone to fairly significant lengths to prevent inadvertent root access to the system-- all but the truly clueless generally question running something with such permissions downloaded from a website they do not trust.


Originally Posted by Pinned (Post 965749)
Due to the simplistic nature of this piece of malware (and its subsequent ease of removal) there is no reason to reinstall. It isn't like Windows malware, which can cause all sorts of hidden issues.

Trusting a system to any hostile script or program that has been given superuser access is an extremely bad idea. Assuming "oh, well, I got everything" is just a bad practice and should not be applied to any system with any kind of sensitive data on it.

Pinned 05-17-2011 11:50 AM


Originally Posted by Simba (Post 965836)
Apple has gone to fairly significant lengths to prevent inadvertent root access to the system-- all but the truly clueless generally question running something with such permissions downloaded from a website they do not trust.



Trusting a system to any hostile script or program that has been given superuser access is an extremely bad idea. Assuming "oh, well, I got everything" is just a bad practice and should not be applied to any system with any kind of sensitive data on it.

Many users have no idea about how to protect their Macs from viruses or intrusion. Many of them are the same as the people whose PCs are full of viruses (the only difference being the operating system they choose to use). Ignoring the fact that most users are clueless certainly won't do anything to help. The widespread attitude of "Macs are immune to anything bad!" just makes people even more trusting of anything that jumps up asking for a password.

How would you ensure that your data is clean after a reinstall? PC viruses and malware will often infect pieces of user data so that even if it were to be moved over to the machine after a reinstall, the virus would still be there. This virus isn't malicious enough to do any damage to a user's system or infect their files. A simple manual deletion and a scan with your Mac antivirus of choice is more than enough (shoot, even doing a Spotlight search and delete for all of the files associated will work fine with this one).

Either way, this is useful information for all users to have, as it is the first truly widespread piece of malware for OS X. Having the knowledge that this is out there will hopefully make people more cautious (or at least safety conscious) about their downloading and browsing habits.

Simba 05-17-2011 01:55 PM


Originally Posted by Pinned (Post 965994)
Either way, this is useful information for all users to have, as it is the first truly widespread piece of malware for OS X.

In fact it is not. There have been several social engineering based exploits in the past, and it remains the only widely available avenue to compromise OS X. Drawing significant attention to it as though it is OMG MAC VIRUS!!11oneone is rather silly, especially given that Apple has placed numerous safeguards into the OS to prevent people from being engineered into doing something they should not.

Rather ironically, running such things up the flag pole only makes the uninformed more likely to install random "anti virus" software they don't need.

jox 05-17-2011 02:11 PM

It's an ehh solution to a problem that should never exist in the first place - whoever gives up their password at every OS prompt without giving it a second thought are the sort of users who shouldn't have been given the super user password for their computer to begin with . . .

Pinned 05-17-2011 09:02 PM


Originally Posted by Simba (Post 966107)
In fact it is not. There have been several social engineering based exploits in the past, and it remains the only widely available avenue to compromise OS X. Drawing significant attention to it as though it is OMG MAC VIRUS!!11oneone is rather silly, especially given that Apple has placed numerous safeguards into the OS to prevent people from being engineered into doing something they should not.

Rather ironically, running such things up the flag pole only makes the uninformed more likely to install random "anti virus" software they don't need.

Of course there have been prior attempts, but most have been targeted at reassigning DNS servers to force people into going to scam or phishing sites. After working on more Macs than I can count, this piece of malware is the only one I've seen on more than one machine (saw 3 machines with it in the past week). Sure, Apple provides safeguards, but there is nothing to prevent "ID10T" errors.

I don't see this as fear mongering or scaring people into being "safe." I see this as a way to let people know what is out there and to help them be more aware of what sort of things they may potentially be giving their admin password to. I would agree that AV software is not yet needed on the Mac, but ClamXav doesn't run all the time, so it doesn't hurt to have it installed (it is what I recommended in the first post if someone were to feel the need to have AV software).


All times are GMT -4. The time now is 02:25 PM.

