• Safari Browser is the Portal for New Malware Attacks on Mac OS X Users

    A significant new security threat has been detected and its putting Mac users on high alert today. Mac antivirus and security developer Intego has "discovered a rogue anti-malware program" dubbed MACDefender. According to a report from the agency, MACDefender attacks Macs via "SEO poisoning" assaults. (NOTE: The malware described here is in NO WAY affiliated with MacDefender, makers of popular geocaching software).

    When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open “safe” files after downloading in Safari, for example), will open.
    Once the file is decompressed and the installer launches, users see what appears to be a friendly screen (see above image) prompting MACDefender setup (it should noted that because the software deceptively requires user agreement, the accompanying threat level warning for MACDefender surfaces as "low"). However, if the installation process is followed - a process that requires the entry of an administrator’s password - the software will call your computer its new home. And this is one digital house-guest you don't want.

    This latest security threat represents yet another example of how malware sites are capitalizing on Safari's "Open Safe Files" feature. Nonetheless, if you have installed the MACDefender software, there's a good chance you'll be able to uninstall the unwanted "house guest" in just a few steps - the first of which is searching for and deleting any and all references to "MACDefender" on your system.

    According to CNET:

    Currently antivirus definitions for Intego's VirusBarrier X6 software are being updated to address this threat, and it is likely other legitimate antivirus software companies are doing the same for their programs. Therefore, if you run VirusBarrier or other antivirus utilities then be sure to check for an update soon, and run a full scan on your system to remove the MACDefender malware.
    Source: Intego, CNET
  • Connect With Us

  • Twitter Box

  • Facebook