Macs are highly touted for their secure operating system, and it's likely that your friend with that Apple® bumper sticker on their car has mentioned this fact to you at least a dozen times.
It's true that malware attacks are less common on the Mac® OS X platform than on the PC, but that doesn't necessarily mean that PCs are more susceptible than their counterparts. Tony Bradley, a writer for PCWorld, argued in May that "the real reason that Macs aren't plagued by more malware is that the platform represents such negligible market share that it's not worth the effort for malware developers."
However, the recent spike in Mac-targeted attacks does suggest that the popularity of Apple is starting to kindle the interests of those who devise fraudulent campaigns, and the recent MacDefender rogue is a great example.
The MacDefender, also known as MacProtector and MacSecurity, presents itself as an antivirus suite, springs at random from various websites and tricks the Safari browser into downloading it. Once installed, the app opens automatically and begins to wreak havoc.
"Each variant we've looked at works in almost identical ways," said Webroot threat researcher Andrew Brandt in his blog 'MacProtector: Rogue of the Week'. "The installer launches the app; the app begins 'scanning' almost immediately, and soon after scanning begins, reports that 'The system is infected'."
In some instances, Brandt described, the hijacked Safari browser sent users to a multitude of pornographic websites. "I guess that's supposed to push you over the edge, to convince you that you're infected with something bad. Your computer is infected, just not with what they're claiming."
The program continuously throws warning messages onto the desktop while repeatedly prompting you to make a $100 purchase for a "license key." Once the criminals have convinced you to enter your payment information, the scam is over - and they've won.
The growing popularity of rogue antivirus scams among criminals calls attention to the growing need for education in the area of Internet security for Mac users. With this in mind, we've put together a few helpful hints.
(By the way, here are the products currently at risk: Mac OS X 10.4, Mac OS X 10.5, Mac OS X 10.6)
5 Tips to Avoid 'Mac Attacks' (So You Can Tell Your Mac-Loving Friends)
- FIND AN ESCAPE HATCH
If you receive any messaging that relates to security software or viruses, aim for the close button on your browser and hit it fast enough to risk finger burn. If you are unable to close your browser right away, simply Force Quit.
If the application begins to download*, stop the download immediately. If you're too late to stop the download, make sure you do not enter your administrator password (this is how they hijack your system).
*Your browser may automatically open applications once they are downloaded. To disable this function - for that added bit of protection - open your browser's "system preferences," or the equivalent, and disable the functions related to automatically opening an application after download.
- EMPTY THE GARBAGE
From the desktop, Launch Activity Monitor, and then find the name of the rogue in the list of running processes. Click the little stop sign icon to Force Quit the rogue. Once that's done, delete the .app (common names include MacDefender, MacSecurity or MacProtector) from the Applications directory and you're golden.
Be advised: Apple Stores may not offer support if you get infected (after all, it's not an Apple software vulnerability that's being exploited), so you may have to take action yourself.
If you happen to divulge your debit or credit card information, call the company associated with your account immediately to cancel your card and rescue your funds.
- BE WARY OF MEDIA RELATED TO TRENDING NEWS
Use skepticism with opening open media (like music or videos) from an unknown source, especially when the videos guarantee secret information (like footage of Bin Laden's death). The bad guys know we're really curious to click, so take a moment before making the leap.
A recent example includes a lewd video that circulated on Facebook about Dominique Strauss-Kahn, the now ex-IMF chief who was arrested on accusations of sexual assault in May. Once people opened the video, the dreaded MacDefender rogue exploded on their screens; and, unfortunately, some chomped at the bait.
There were other malicious videos that surfaced in the wake of the earthquake and tsunami disasters in Japan, along with Bin Laden's death, that turned out to be nefarious. We have been conditioned to give instant credibility to the highest placed search results, and malware writers know this. In fact, Cybercriminals are masters of Search Engine Optimization (which sorts the order of your search results), so their videos can be placed higher in the search results for an inquired topic. This doesn't call for alarm. Just be careful.
- UPDATE OFTEN, IF NOT AUTOMATICALLY
In late May, Apple issued an update on their support site that helped address the MacDefender rogue. Unfortunately, by that time many had already engaged with the application, and some had submitted their personal information.
We think it's best to exercise the "stop and think" method before you click; but as a backup, make sure to update your Mac every time you hear about the emergence of Apple-targeted malware. If you'd like to have your Mac update automatically, simply "check" the "Automatically update safe downloads list" in the Security pane, in System Preferences.
- INSTALL A LEGITIMATE SECURITY PROGRAM
It stands to reason that in the coming years, Mac fans will have to take a more active role in online judgment. Malware writers have Apple on their radar, and they will continue exploring new ways to block our rationality and capitalize on our most basic impulses.
Whether you're a Mac or a PC - or both for that matter - we recommend investigating real security programs to bolster your safety. Apple does offer their own antivirus software and PC owners are well aware of their options (cough, Webroot, cough). Also make sure to read industry reviews from reputable sites before moving forward.
Share the tips above with your Mac friends, who may not be as familiar with the odds and ends of Internet security, and together we'll help them become more aware of prolific beasts like MacDefender.
By Alex Fairbanks
Apple and Mac are registered trademarks of Apple Inc.