May 2, 2011 10:21 AM (in response to Skip P)
Skip P wrote:
My big takeaway complaint from all of this is why isn't Safari written to ALWAYS allow you to close dialog windows?
Because the window isn't a Safari or OS X window, it's likely a Flash-based clickable image that looks like a window, which is why clicking the "close box" installs the malware.
Remember, NoScript for Firefox or Click2Flash for Safari stops Flash elements from running automatically.
May 2, 2011 10:28 AM (in response to aliasnexus0)
I do not believe it is a Flash-based exploit. I have Flash disabled by default in Chrome, and I have to manually activate any Flash plugins that try to load.
Ah! Good to know.
So then the way to stop this is to turn off JavaScript in Safari preferences, which would be a hassle, having to hit preferences to turn it on if one needed it on a trusted site.
Or simply use Firefox and the NoScript Add-on, turn it on with a click on the Toolbar button if you trust the site.
May 2, 2011 10:37 AM (in response to MacJoseph)
Here are some safety precautions you could take on your Mac. Some are more reasonable than others, and how you use your computer will partially dictate what is appropriate for your uses. However, the ones with an asterisk (*) are ideas that are pretty basic and should be done (in my opinion) by everyone.
- * Don't run as an administrator level account
- * Make sure your administrative account(s) has/have a strong password
- * Uncheck any browser options that automatically open files
- * Disable any browser features that you do not need (Example: If you never use Java or Flash then disable them, you can always enable them again for the few times you might need them, when those occasions occur)
- I also generally disable pop-ups unless a site I trust needs it for a specific reason, then I enable it only while I perform that task.
- * Never enter your computer account's login/password for anything you didn't explicitly run and trust.
- If you want to be extra cautious, then enable parental controls on the account you use and only enable the programs you need on a daily basis, and disable everything else, including the Installer application.
- If you want Anti-Virus:
- If you want to make sure programs (like malware) are not "phoning home" then I'd suggest a program called: "Little Snitch". It allows you to authorize or deny outgoing network communications.
- Enable your Mac's Firewall (System Preferences >> security >> Firewall)
- Lock your keychain when you don't need it.
  - (Applications/Utilities/Keychain Access.app) >> Preferences >> Show Status in menu bar.
  - This will add a little lock icon, up by the clock. Click on it and lock all keychains when not in use.
- * Change your password(s) regularly
- * Only give your credit card and/or other personal information on secured websites that are reputable and for sites/programs where you intentionally initiated the purchase transaction.
- Use separate, encrypted disk images to store your data, and only authenticate and mount the specific ones you need, when you need it. Then dismount the disk images and lock your keychain when you're done. (Reaching into the realm of paranoia now)
May 2, 2011 10:44 AM (in response to MacJoseph)
It's rather simple to defeat this from occurring:
1: Download Firefox 4.0
2: Install the NoScript Add-on
3: Install the Public Fox Add-on.
4: Hit the Toolbar Customize and drag the "Temp Allow All This page" NoScript button to the Toolbar
5: Set up Public Fox to require a password before a download occurs.
If you trust the site and need scripts to run, click the Temp Allow button.
If Public Fox pops up asking for your password, you know you got a drive-by download; cancel it and notify the website owner.
Note: Public Fox is searched at Mozilla as "Public Fox"
May 2, 2011 1:01 PM (in response to MacJoseph)
Sophos also offers their antivirus for free for Mac home users:
May 2, 2011 1:41 PM (in response to Eric Brian)
Eric Brian wrote:
Sophos also offers their antivirus for free for Mac home users:
Always-on anti-virus is still unnecessary on a Mac and often conflicts with OS X changes.
Just some common sense is needed and a little more attention by Apple in preventing drive-by downloads.
May 2, 2011 4:37 PM (in response to MacJoseph)
Just to let you know that I too was using Google Images (on Chrome) when the malware hit my MacBook.
I'm only 17 and am an IT NOOB, so a warning popped up telling me to download 'macdefender' and, the idiot that I am, I downloaded it (I thought it sounded like a genuine anti-virus and I just bought the MacBook, so without thinking I got myself into that situation). This all happened to me yesterday, but before I read this discussion, a friend of mine found this link which helped me permanently delete Mac Defender.
These steps were probably already mentioned in this discussion but I found it easy to follow. So I'd recommend anyone who got hit by the malware to go to the link, scroll down, and follow those 5 steps. I have now permanently deleted Mac Defender (I'm pretty sure). So yeah.
Cheers guys. Nadiah x
May 2, 2011 8:10 PM (in response to Nadiah)
In case anyone is interested here is an article that appeared today on MacWorld about the MacDefender issue. It is being described as a trojan horse. http://www.macworld.com/article/159595/2011/05/macdefender_trojan_horse.html
May 2, 2011 10:22 PM (in response to MacJoseph)
Unfortunately ClamXav does not yet detect this one since the greater AV community has not chosen to share it yet. We need those of you who find this on your hard drive to please upload whatever files you have to the clamav database here http://cgi.clamav.net/sendvirus.cgi and this community site http://www.virustotal.com/index.html.
May 3, 2011 2:50 PM (in response to MacJoseph)
Thank you for your help the other day. I just thought I would let you know we were on Google again, looking at pictures again, and the program downloaded itself again. We were furiously trying to get out of it and before we could it downloaded again. We followed your instructions and took it off, but I see that you are trying to track this problem so I thought I would let you know.
May 3, 2011 3:15 PM (in response to aatyler)
Sorry to hear it tried to bite you again. Yes Mad Macs is trying to get a handle on it. I know most people say you don't need virus protection, and that's true, however I would rather have peace of mind. So I run ClamXav. I also use the Clam Sentry feature which you can set to actively scan your entire hard disk, and will scan files as you download them. This is what I do. Mad Macs said ClamXav would be updated for the MacDefender Trojan. I don't know what web browser you use, but if it is Firefox you can get some security extensions. If you're using Safari try GlimmerBlocker. I'm glad to have been able to help you.
May 3, 2011 8:10 PM (in response to MadMacs0)
The clamav signature database has been updated to include two variants of the MacDefender Trojan, so ClamXav will detect all known versions of the .zip, .pkg and .app files associated with it.
May 3, 2011 9:14 PM (in response to MadMacs0)
Is there a problem with the ClamXav server to update definitions? I don't seem to be able to connect to update. When I started a scan it said definitions were not up to date. But I'm not able to connect to update. Thanks