Ok, so the media is reporting there is a new “virus” that affects Mac OS X machines. It is actually a Trojan Horse, not a virus, which means it requires a human to activate the program. A virus can replicate itself without human assistance; a Trojan Horse can’t.
This particular Trojan Horse is called MACDefender, although there is apparently now a slight variation named MACProtector. Apparently some users have found it by using Google to look up innocent current news topics (especially with images) and a popup window comes up saying the user needs to download additional software to view the picture. When the user downloads the additional software, they download the Trojan Horse. Others have been infected by automatic JavaScript that runs when a link is clicked by the user in a Google search. The program then starts popping up porn ads and an official window pops up saying “MACDefender has detected a virus.” Then it offers to eliminate the problem if you purchase MACDefender and offers a convenient form to fill in your credit card number. Now they have what they wanted: your credit card number.
Ok, how do you know if your computer has been infected? If the above has happened to you on your Mac, you are infected.
1. If you have given them your credit card number, call the number on the back of your credit card and cancel your card RIGHT NOW and dispute the charges.
2. If you have downloaded the Trojan Horse but have not given them your credit card number, your credit card info is still safe, we just need to get rid of the Trojan Horse.
3. Restart your computer. As soon as you hear the startup tone, hold the “shift” key down until you see the gray apple icon. (This starts your computer in “safe mode”.)
4. Double click on your hard drive symbol on the desktop, then double click on the “Applications” folder, then double click on the “Utilities” folder and finally double click on “Activity Monitor” to start that program.
5. If a new window does not pop up immediately, go up to the upper lefthand corner of your screen and click on “Window” and scroll down to “Activity Monitor” and select it. A new window will appear.
6. In the window highlight any lines that mention “MACDefender” or “MACProtector” and hit the red stop sign at the top of the window to quit the processes.
7. Quit the Activity Monitor program.
8. Find the “MACDefender” and/or “MACProtector” program in the Applications folder and drag them to the trash.
9. Close the Applications folder.
10. Click on the apple icon in the upper lefthand corner of the screen and scroll down to “System Preferences” and select it.
11. Select “Accounts”.
12. Assuming you have only one user account on your computer, select the padlock in the lower lefthand corner and click it. You will have to enter your Mac OS X password if it is password protected (it should be).
13. Click on “Login Items” at the top of the window. If any items in the list mention “MACDefender” or “MACProtector”, select them, and then hit the “-” button at the bottom of the screen to remove them.
14. Click on the padlock icon again to lock it and then close the window.
15. Run a Spotlight search (click on the magnifying glass in the upper right hand corner of your desktop) and type in “MACDefender” (just the words in the quotes, no quotes are needed). Drag any items labeled “MACDefender” to the trash.
16. Run a Spotlight search (click on the magnifying glass in the upper right hand corner of your desktop) and type in “MACProtector” (just the words in the quotes, no quotes are needed). Drag any items labeled “MACProtector” to the trash.
17. Go to the upper lefthand corner of the screen and select “Finder” and scroll to “Secure Empty Trash” and select it.
18. Restart your computer and continue with the instructions below to confirm that you no longer have the MACDefender Trojan horse.
If you do not have immediately visible confirmation that MACDefender is infecting your computer:
1. Run a Spotlight search (click on the magnifying glass in the upper right hand corner of your desktop) and type in “MACDefender” (just the words in the quotes, no quotes are needed). If the search underneath the entry you typed says “no results” you do not have the Trojan Horse on your computer.
2. Do the same this time typing in “MACProtector” (again no quotes needed). Again if “no results” comes up, your computer is not currently infected with MACDefender/MACProtector.
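The places the steps above look in (running processes, the Applications folder, Login Items and Spotlight) can also be checked in one pass from Terminal. This script is an added example, not part of the original post: the function names are illustrative, it only reports and deletes nothing, and it assumes the stock macOS tools ps, osascript and mdfind are available.

```shell
#!/bin/sh
# Added example: read-only check for the two names this post says to look for.
# Assumption: run from Terminal on the Mac being checked; nothing is removed.

NAMES='macdefender|macprotector'   # names from the post, matched case-insensitively

# Keep only the stdin lines that mention either name.
match_names() {
    grep -Ei "$NAMES" || true
}

# Print a result for one source and return 1 if anything matched.
# $1 = label for the source, stdin = one candidate per line
report() {
    hits=$(match_names)
    if [ -n "$hits" ]; then
        printf '[FOUND] %s:\n%s\n' "$1" "$hits"
        return 1
    fi
    printf '[clean] %s\n' "$1"
}

# Check the entries of one folder (for example /Applications).
scan_dir() {
    [ -d "$1" ] || return 0
    ls -1 "$1" | report "folder $1"
}

# The live checks only make sense on a Mac.
if [ "$(uname)" = "Darwin" ]; then
    status=0
    ps -axo comm | report "running processes" || status=1
    scan_dir /Applications || status=1
    scan_dir "$HOME/Applications" || status=1
    osascript -e 'tell application "System Events" to get the name of every login item' \
        | tr ',' '\n' | report "login items" || status=1
    { mdfind -name MACDefender; mdfind -name MACProtector; } | report "Spotlight" || status=1
    if [ "$status" -eq 0 ]; then
        echo "No MACDefender/MACProtector traces found."
    fi
fi
```

Any line marked [FOUND] points at the step in the removal list above that still needs to be done by hand.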
To protect against future attacks you want to ensure that your computer does not install any software that you do not authorize.
1. Start your Safari web browser application and go to Preferences (in the upper left hand corner of the desktop, click on “Safari”, scroll down to “Preferences” and click on it). Click on the “General” tab at the top of the Preferences window and look at the bottom of the window. There should be a box next to the line “Open “safe” files after downloading”. UNCHECK this box; it should NOT be checked. This will prevent any future viruses from automatically decompressing and installing on your computer without you specifically telling it to install the program. You will still have to determine if the program is a valid and safe program, but at least it will not install secretly without your knowledge.
2. Just as a side note, I personally prefer Firefox or Google Chrome browsers instead of Safari as they are faster and a little more security conscious.
3. Install a good anti-virus software program designed for the Mac. All the major players make good anti-virus software, but currently you can get Sophos Anti-Virus for Mac Home Edition 7.2C software for free directly from Apple here:
http://www.apple.com/downloads/macosx/networking_security/freesophosantivirusformachomeedition.html
After installing your anti-virus program, make sure to update it immediately and then do a full scan of your computer. If you keep your anti-virus software up to date and run it frequently you will not have to worry about any future viruses.
Feel free to send this to all your friends and family with Mac computers-- let's make malware writers' lives as difficult as possible. Yes, this post was written in very simplistic terms intentionally-- if my grandmother can follow these steps then other beginning computer users can also protect themselves against malware.