You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

MacDefender trojan

I've been following the discussions of this subject, but I have yet to succeed in downloading the trojan or in figuring out how it manages to get installed. I'd appreciate it if someone could send me a direct link. Please don't post the link here or anywhere else on this site. Send it to


macdefendertrojan@mailinator.net


and reply to this thread so I know It's there. Mailinator is a webmail server that automatically creates a throwaway account when it receives mail for any address in the domain. The received messages are automatically deleted after a few hours, so I need to know when to look. I also need the message subject so I can distinguish it from spam. Anyone can access the message. If you do, please use caution.


Instructions on what to Google haven't helped me. My setup is quite locked down and I block a lot of otherwise unwanted content. I need a direct URL.


If I get a positive response, I'll try to analyse the trojan in more detail than I've seen here, and post the results in this topic. Thanks.

Mac OS X (10.6.7)

Posted on May 1, 2011 6:36 PM

Reply
140 replies

May 9, 2011 9:24 AM in response to ds store

ou may a trojan called Mac Defender / Protector / Security




Check you downloads folder and apps folder to see if it is there If you not find it


-If go to safari, preferences, general, deselect - open all safe downloads ( may not be exact wording)




If you find it go to DO NOT SIGN UP or GIVE CREDIT CARD INFO....




Go to acitivity monitor in ultilies - quit the program.


trash it from downloads, app folder, remove for Login Item in accouns (sys. pref)


Boot into safe mode - hold the option key down and when you restart the mac


look at these locations to see if remains.... if found try removing them again




Uncheck the safari pref as above




I advise getting security software or wait for Apple to come up with a security fix

May 9, 2011 9:58 AM in response to ronaldz

ronaldz wrote:


I advise getting security software or wait for Apple to come up with a security fix


There is no way for security software to reliably detect this trojan. It can be easily changed and already has been. There is also no Apple security fix to address it.


Mac trojans are fundamentally unlike Windows malware. Because MacOS X is secure to begin with. You, the user, must install the malware. That is the only way to get infected. The only reliable defense is to just not click the "install" button.


When you install software and hand over your admin password, the software can do anything it wants. Because MacOS X is secure and malware must be installed by the user, there is no way for anti-virus software to stop it.


Don't put your faith in anti-virus software, don't wait for Apple to release a security fix, just don't install it. Apple has created the Mac App store as a way to distribute legitimate, trusted software to end users. Most legitimate software can, and should, use the Mac App store. Being safe from malware on MacOS X is very easy - if you don't trust the installer, don't provide your password. When in doubt, just select "Quit Installer" from the "Installer" menu.

May 9, 2011 10:16 AM in response to etresoft

To back up etresoft, I and several other folks who tested AV software against these trojans saw a several day delay before the first was recognized by any AV software, by which point many people were already affected, and then another delay when MacDefender morphed into MacSecurity. I'm sure some of the folks fooled by this malware were running AV software at the time.


Over-reliance on AV software can produce a complacent attitude that results in an easy infection. After all, the software must be okay if the AV software didn't catch it, right?


That said, though, I do hope that Apple removes .mpkg files from the "safe" file list in Safari and adds them to the list of things to be held in Quarantine. That would go much further towards preventing such outbreaks than any malware-specific protection.

May 9, 2011 11:34 AM in response to thomas_r.

Thomas A Reed wrote:


That said, though, I do hope that Apple removes .mpkg files from the "safe" file list in Safari and adds them to the list of things to be held in Quarantine. That would go much further towards preventing such outbreaks than any malware-specific protection.

I wish Apple would get rid of that option altogether. It serves no useful purpose to anyone except malware authors.

May 9, 2011 11:55 AM in response to flash8898

flash8898 wrote:


Mine came through on Firefox... not Safari.


To prevent further infections, install NoScript Add:on for Firefox, use the toolbar customization to drag NoScript button to the Toolbar for easy enabling and disabling of scripts on a per site basis.


Also if you install Public Fox, you can set a password on the downloads.


Use the free ClamXav to remove your present infection first though. 🙂


http://www.clamxav.com/

MacDefender trojan

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.