Mac Defender pretends to be anti-malware software that detects infections on your computer. (Credit: Intego)
This ruse isn't new. So-called rogue antivirus has been hitting Windows machines for years. But this is the first time this type of malware has been written to target the much smaller Mac market.
This FAQ sorts through the facts to help determine how serious the issue really is.
What is the malware?
Mac Defender, also known as Mac Security and Mac Protector, is a fake antivirus program that is designed to scare people into thinking that their computers are infected with malware and that they have to pay with a credit card to clean the machine up. People get infected with the rogue antivirus programs when they happen to stumble upon Web sites hosting the malware. The malicious sites are created solely to distribute malware and they are search engine optimized so they will appear high up in search results. They use an image related to a popular news topic as bait to lure people to the site, according to Mac antivirus firm Intego, which warned about Mac Defender earlier this month. For instance, one of the sites was in the top five spots this week for searches on "DSK," or Dominique Strauss-Kahn, the French official on the International Monetary Fund who was arrested on sexual assault charges last weekend, according to Intego spokesman Peter James. The malicious sites are taken down and changed from day to day so blocking them is difficult.
How widespread is the malware?
While it's definitely not an epidemic, it does seem to be hitting the radar more than other Mac malware has in the past. Ed Bott at ZDNet reports that an AppleCare support rep told him call volume on the support line was four to five times higher than normal and most of the calls were about the malware. "It started with one call a day two weeks ago, now it's every other call. It's getting worse. And quick," the unnamed source is quoted as saying.
Bott also published what appeared to be an internal Apple document with guidance for support reps when they get calls about Mac Defender. It advises reps to not confirm or deny that the software has been installed and not attempt to remove or uninstall any malware software. Meanwhile, Bott reports that he found more than 200 separate discussion threads on discussions.apple.com about the matter, including comments from many who had been tricked into installing the malware. He offers juicy tidbits from those discussions here.
Intego said it had been contacted by a "huge number" of customers worried about the malware, and that it had collected dozens of samples of the code. "The news stories were making it worse because it makes Mac users worried and they are more convinced that the fake antivirus warning is real," Intego spokesman James said in an interview today. "It's a self-perpetuating process."
Apple declined to provide comment for this story.