Apple has an official response to the malware issue

  • Avatar

    Posted: 24 May 2011 08:45 PM

    How to avoid or remove Mac Defender malware
    Last Modified: May 24, 2011
    Article: HT4650

    A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender “anti-virus” software to solve the issue.

    This ?anti-virus? software is malware (i.e. malicious software).  Its ultimate goal is to get the user’s credit card information which may be used for fraudulent purposes.

    The most common names for this malware are MacDefender, MacProtector and MacSecurity. 

    In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware. 

    In the meantime, the Resolution section below provides step-by-step instructions on how to avoid or manually remove this malware.

    Products Affected
    Mac OS X 10.4, Mac OS X 10.6, Mac OS X 10.5

    How to avoid installing this malware

    If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn?t work, then Force Quit the browser.

    In some cases, your browser may automatically download and launch the installer for this malicious software.  If this happens, cancel the installation process; do not enter your administrator password.  Delete the installer immediately using the steps below.

    Go into the Downloads folder or your preferred download location.
    Drag the installer to the Trash.
    Empty the Trash.

    How to remove this malware

    If the malware has been installed, we recommend the following actions:

    Do not provide your credit card information under any circumstances.
    Use the Removal Steps below.

    Removal steps

    Move or close the Scan Window
    Go to the Utilities folder in the Applications folder and launch Activity Monitor
    Choose All Processes from the pop up menu in the upper right corner of the window
    Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
    Click the Quit Process button in the upper left corner of the window and select Quit
    Quit Activity Monitor application
    Open the Applications folder
    Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
    Drag to Trash, and empty Trash
    Malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below.

    Open System Preferences, select Accounts, then Login Items
    Select the name of the app you removed in the steps above ex. MacDefender, MacSecurity, MacProtector
    Click the minus button
    Use the steps in the ?How to avoid installing this malware? section above to remove the installer from the download location.



  • Avatar

    Posted: 24 May 2011 09:34 PM #1

    thanks for posting - this support articles makes more sense than the recent headlines.  did anyone see the articles about the purported memo sent to Apple call centers?  that memo was very poorly written, and had a bunch of grammar mistakes.  i find it hard to believe that was really from Apple.  looks like the FUDsters are trying again.

  • Avatar

    Posted: 05 August 2011 08:15 AM #2

    MacDefender culprits caught in Russian police raid on June 23.  Does this mean the end of “MacDefender”  or was this group just a client?


    The study of money, above all other fields in economics, is one in which complexity is used to disguise truth or to evade truth, not to reveal it. The process by which banks create money is so simple the mind is repelled.

  • Avatar

    Posted: 05 August 2011 08:35 AM #3

    macglenn - 05 August 2011 11:15 AM

    MacDefender culprits caught in Russian police raid on June 23.  Does this mean the end of “MacDefender”  or was this group just a client?

    Interesting and probably explains why Ed Bott’s “malware invasion on the Mac…” evaporated. A lot more plausible than his earlier explanation this week.