June 1, 2011



Malware for Macs hits campus

By K-State IT editor

Malware targeting Apple Mac computers was inevitable - hackers could not continue to ignore this popular platform where users tend to be complacent because they buy into the myth that Macs are more secure. They are not inherently more secure; they've just been ignored by cybercriminals... until now. Several K-State departments have reported Mac computers infected with fake antivirus malware called MACDefender or something similar.

Like its Windows scareware counterparts, MACDefender tries to trick the user into buying useless or non-existent security software for up to $99 by convincing them their computer is infected. The only thing they're infected with is the fake AV software, and those tricked into making the purchase give their credit card information to criminals.

If your computer has been infected with this malware, contact your IT support person right away. If you also made a purchase, contact your credit card company immediately to cancel that account and issue a new one.

The original version required the user to manually extract a .zip file (BestMacAntivirus2011.mpkg.zip), install the package, and enter the admin password to complete the installation. If you have the Safari browser set to "Open safe files after downloading", which is enabled by default, the package will extract and install automatically (although you still have to enter the admin password). However, a new version of the malware called MacGuard reportedly installs itself directly into the Applications folder without prompting the user for the admin password.

Trend Micro Security for Mac identifies this malware as OSX_FAKEDEF.M and should prevent infection, although it won't necessarily catch new variants right away. Like Windows, you cannot rely on antivirus software alone to protect you.

Security threats to Macs are only going to get worse, so Mac users must be just as diligent and cautious as Windows users:

  • Run Trend Micro Security for Mac anti-virus software, which is available at no cost to all K-State faculty, staff, and students.
  • Regularly apply security patches to both the operating system (Mac OS X) and all applications, especially Adobe products, Java, and web browsers.
  • Use a strong password on all accounts.
  • Treat all unexpected requests for the administrator password with suspicion.
  • Be wary of email attachments and clickable links in email. Think before you click!