Apple’s Growing Popularity Makes Macs Malware Targets

For a long time, most Mac users have gotten along fine without installing the sort of security programs Windows users take for granted. Perhaps the Mac, built on an industrial-strength Unix core, is more secure. Or perhaps malware authors have simply ignored the Mac platform, aiming instead at the much larger numbers of Windows users.

In May, some Mac users got a taste of what’s become a common experience for Windows users: scareware. Rogue websites, along with Facebook and Twitter messages – some promising news about Bin Laden’s death – led users to a page that claimed their Mac was infested with a variety of infections.

Web searches for “Mac anti-virus software” led to similar rogue web pages.


Whatever its name, this MAC Defender does its best to look like a legitimate OS X warning.

Users were recommended “MAC Defender” (or “Mac Protector” or “Mac Security”) to remove the “infections”. After downloading and installing the program, they would be prompted to enter a credit card number before the software would pretend to clean up the nonexistent problems.

Until users paid up, the software repeatedly popped up pages with porn as proof that the computer had been infected. Besides the $60 to $80 cost of registering the software, users who entered credit card information risked identity theft and other charges to their card.


MAC Defender says your Mac is infected, but it is the real malware.

Unlike some Windows malware, this software did not install itself automatically as the result of visiting a rogue web page; users needed to actively agree to download it and to enter their system password – in effect agreeing to infect their computer.

If a user can be convinced to install malware, it doesn’t matter how innately secure his or her computer is. Mac owners are similarly targeted by email-delivered phishing scams, just like Windows users, and are equally likely to fall for these identity-theft scams.

Moreover, the default setting in Apple’s Safari browser allows “safe downloads” to open automatically; if a user clicks to download MAC Defender, its installer auto-opens, leading some users to assume it’s safe to allow it to proceed.

In late April, security experts announced the discovery of a do-it-yourself malware kit targeting Mac OS X, similar to the long-available Zeus and SpyEye kits aimed at Windows users. This suggests that Mac users will find themselves a growing target, an ironic bow to Apple’s sales success.

A 2008 Sourcefire report predicted that the Mac would become an attractive target when its market share reached 16%. The Mac has recently reached that level in the US, Switzerland, and several other countries, and it is just below it (14%) in Canada.

Adam O’Donnell, author of the 2008 report, commented, “People are testing the waters. It has just become economically viable to do it, so you will start seeing these attacks becoming more common.”

Another factor: The slow decline in popularity of Windows XP. Microsoft reports it finds 15.9 infected XP systems per thousand compared with 3.8 for Windows 7 systems, suggesting the newer version is about four times as secure. As fewer easily infected XP systems become available, malware authors are looking for new targets.

MAC Defender (however named) infections of Macs remain relatively rare – though anecdotal reports are piling up. ZDNet’s Ed Bott reported that an anonymous AppleCare representative told him call volume was four to five times higher than normal, mostly due to MAC Defender.

Mac users:


Uncheck the “Open ‘safe’ files after downloading” option.

  • Go to Safari’s preferences and uncheck the option (on the General tab) to “open ‘safe files’ after downloading.”
  • If you’re using Mac OS X 10.6 Snow Leopard, run Software Update and make sure you are at version 10.6.7 or later and have Apple’s Security Update 2011-03 (Snow Leopard) installed. This update specifically addresses malware, especially MAC Defender and its variants.
  • Consider installing antivirus software like Sophos Anti-Virus for Mac Home Edition (free for home users) or ClamXav (free).
  • Don’t automatically run applications from unknown sources. And don’t believe everything a web page (or even a Facebook “friend”) tells you!
  • If your Mac has been infected with MAC Defender, follow these removal instructions.
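
For anyone checking several Macs, the first two items above can be verified from Terminal. This is an added example, not part of the original column: it assumes Safari stores the option under the key AutoOpenSafeDownloads in the com.apple.Safari preference domain, the function names are made up for illustration, and it does not check whether Security Update 2011-03 is installed.

```shell
# Added example: audit the Safari "safe files" option and the Snow Leopard
# version recommended above. Assumption: the option is stored in the
# com.apple.Safari domain under the key AutoOpenSafeDownloads.

# version_at_least HAVE WANT: exit 0 if dotted version HAVE >= WANT.
version_at_least() {
    have=$1; want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; w=${want%%.*}
        [ "${h:-0}" -gt "${w:-0}" ] && return 0
        [ "${h:-0}" -lt "${w:-0}" ] && return 1
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# auto_open_state VALUE: VALUE is what `defaults read` printed. An empty
# value means the key is unset, treated here as Safari's default (enabled).
auto_open_state() {
    case $1 in
        0|false|NO|no) echo disabled ;;
        *)             echo enabled ;;
    esac
}

audit_mac() {
    os=$(sw_vers -productVersion)
    case $os in
        10.6|10.6.*)
            if version_at_least "$os" 10.6.7; then
                echo "OK:   Mac OS X $os is 10.6.7 or later"
            else
                echo "WARN: Mac OS X $os is older than 10.6.7; run Software Update"
            fi ;;
        *)  echo "INFO: Mac OS X $os is not Snow Leopard; 10.6.7 check skipped" ;;
    esac
    raw=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    if [ "$(auto_open_state "$raw")" = enabled ]; then
        echo "WARN: Safari opens 'safe' files automatically; to turn it off:"
        echo "      defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
    else
        echo "OK:   Safari does not auto-open downloads"
    fi
}

# Run the audit only where the Mac command-line tools exist.
if command -v sw_vers >/dev/null 2>&1 && command -v defaults >/dev/null 2>&1; then
    audit_mac
fi
```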

And Windows users, while it’s fair to gloat a little bit, remember that your platform has it much worse – recent stats suggest that a full one in every 14 Internet downloads is Windows malware.

Follow Alan Zisman on Twitter.

First published in Business in Vancouver June 21-27, 2011 issue #1130.
