Heads Up/Warning Mac Defender

Just as a heads up and warning, there have been two incidents in the last hour or so where users are being redirected and Mac Defender seems to have downloaded itself claiming a virus has been detected. This is a trojan and should be deleted immediately. If you feel you need protection perhaps installing ClamXav would be an option. Be careful where you're surfing in the Interwebs. Any information you can provide if you encounter this problem would be greatly appreciated, info such as the browser you're using and the website that is redirecting you.


Regards,


Joseph

MacBook Pro, Mac OS X (10.6.7), 2011 MBP 15" 2.0Ghz 4GB RAM

Posted on Apr 30, 2011 10:24 AM

Question marked as Top-ranking reply

Posted on Apr 30, 2011 11:37 AM

This just happened to us too. What is ClamXav?

190 replies

May 9, 2011 2:27 AM in response to MadMacs0

MadMacs0 Thank you so much!!!


I went through the instalment process by mistake, could not get rid of the MacProtector, just like everybody else. I did manage to trash the "content" folder manually, so it didn't function any more, but still couldn't trash the programme itself, or empty the trash. Once I followed your advice of safe-booting with Shift, it worked out perfectly - trashed and got rid of it.


The downloaded file in my case was anti-malware.zip. I got it from Google images, possibly when I downloaded a programme that allowed me to see 3-d images - it was a museum site, so I foolishly trusted it.


Anything else I can do to help?


By the way - I tried to mark your answer as correct, but couldn't find the link for it, which used to be, if I remember, at the top of the page. Any way I can do that for you?

May 9, 2011 6:22 AM in response to MadMacs0

MadMacs0 wrote:

You make a good point as regards this threat, but perhaps the next malware outbreak will involve automatically running something far more harmful under the radar.

It is a lot harder for malware to do anything harmful surreptitiously in OS X than you might think, especially if you are running Snow Leopard. For example, the OS limits what JavaScript can do, even if it is enabled & not restricted by browser additions. File quarantine restricts what downloaded executable files can do without authentication by users, even for admin accounts.


Security in OS X is complicated, multilevel, & many of the details of how it works are not obvious to users. If you are interested in studying such things, a good place to start is this developer document, but it is lengthy & just an overview. In addition, some parts of some security APIs are "opaque," meaning more or less that they are not documented beyond their initial calling requirements & ending states, & may change internally from one OS revision to the next.


Of course, just because it is extremely difficult for malware to do anything without user action or awareness does not mean users should get careless or complacent about these threats. Security is all about trust, & ultimately the OS must trust user decisions or it could not function beyond a very basic level. If you tell it that it is OK to install malware, it will trust your decision & do exactly that.

May 9, 2011 11:41 AM in response to jayv.

Pr0digy V. wrote:


Hi Paladeac,

Could you tell me where you got it as I am trying to find it to research it.

Keep in mind that rogue web pages that appear in search results via SEO poisoning attacks are by nature transitory & may be up for only a few hours. If you really want to "catch" this malware, research SEO attacks & devise search queries that would be likely targets for them.

May 9, 2011 1:13 PM in response to caroltoronto

I cancelled my credit card. I got this viral application off my computer then called the "MacDefender" 800 number to request my money back. They asked for a transaction number from a confirmation email. I never received an email. They used the first 6 and last 4 of the now cancelled credit card to look up my transaction and state my money will be refunded in 3-5 days. I am doubtful, but wasn't too proud to essentially say, "yes, I'm an idiot but may I have my money back?".

May 9, 2011 2:24 PM in response to MacJoseph

MacJoseph wrote:

Be wary, I wouldn't have given them any numbers from my credit card. I would have called the bank, cancelled all transactions. Have the bank issue me a new one.

She said she canceled the card so the partial number is fairly innocuous info to give out; however, this makes me wonder what they said about issuing credit & if they asked for any other personal info, such as a mailing address or anything else, in connection with that.

May 9, 2011 4:02 PM in response to MacJoseph

Joseph and R C-R,


I did cancel the card first. It took me about 45 minutes to realize what I had fallen for and that was my first call.


After removing it from my computer and reading about others calling for a refund I decided to call. I did block my caller ID when I called. They did not ask for snail mail or email info. I clearly stated my name, that I had been duped by the scam and am requesting my money back. There was no argument, no protest - just the request for the transaction number (I still haven't received an email via inbox, junk or spam) or the partial credit card number. Either it's just an appeasement to avoid phone confrontation or I'll get my money back. Supposedly another person on the discussion boards got a refund so it couldn't hurt anything but my pride to ask.


My bank still had the charge listed as pending when I called. I'm hoping it just doesn't go through. You can't imagine how dumb I feel. Lessons learned...


Suzie


p.s. I got it when opening a confirmation email from a recent online purchase


Message was edited by: suzie.h.kwfl

May 13, 2011 10:44 PM in response to MacJoseph

I was just on MSNBC.com and this same 'Macdefender' virus tried to install on my computer. Luckily I was aware of what was going on and stopped it before it could complete.


I was on the home page of msnbc.com, clicked a link to a story on the main 'top stories' area.

I was on the story page for about 30 seconds reading and my browser redirected and showed an installation bar. I closed the window before it could install, but this was the same thing that happened on Google images a few weeks ago.
