OFFICIAL SECURITY BLOG


New MacDefender variant: MacSecurity

Posted on May 6th, 2011 at 12:53 PM EDT

A new variant of MacDefender has appeared, called MacSecurity.  The name is different, as is the appearance of the fake “anti-virus scan” website.  However, in all other respects, it is the same as MacDefender, as far as I can tell.



MacDefender malware still rampant in Google Images

Posted on May 6th, 2011 at 9:02 AM EDT

Those of you who have been following news coverage of the new MacDefender trojan, first discovered last weekend, will know that its primary vector for transmission was apparently Google Images.  Unfortunately, poisoning of Google Images’ cache has apparently not changed, and if anything, may have gotten worse.  I had previously been unable to locate a copy of MacDefender, even on Google Images.  I only got hold of a copy because a reader contacted me privately with information on where to find it.  Last night, however, as I was doing some searches on Google Images, I came across MacDefender scam sites no fewer than 5 times in 15 minutes.


ClamXav updated

Posted on May 4th, 2011 at 6:46 AM EDT

Last night, the ClamXav virus definition database was updated to recognize the MacDefender trojan.  This is important, because many Mac users do not like the more intrusive anti-virus software from the major vendors.  ClamXav is the preferred AV tool for many, and the one I have always recommended, so it’s good to know that it has been updated quickly.


MacDefender in action

Posted on May 3rd, 2011 at 7:40 AM EDT

I have located a copy of the MacDefender trojan (thanks to Linc Davis, who sent me the link) and have done some testing myself.  Below is a detailed account of my experiences with it, as a continuing addition to previous news on this issue on my blog.

MacDefender news

Posted on May 2nd, 2011 at 7:12 AM EDT

MacDefender has been noticed by the security companies this morning.  Intego reps are posting on Apple Support Communities looking for samples of this trojan, and Intego has posted a blog entry describing what they have discovered.  Apparently, this trojan is somehow downloaded after people searching the Google Images database get redirected to a malicious site.  How the installer ends up running by itself is unknown, but may point to a security hole in Safari.

Fast Windows Antivirus = MacDefender?

Posted on May 1st, 2011 at 10:05 PM EDT

I’m hearing a lot of talk today about something called Fast Windows Antivirus, which confusingly is being installed on people’s Macs.  How it gets there I’m still not sure of – though it sounds like a lot of people are connecting it to downloading something from Google Images – and whether this is the same thing as MacDefender I’m also unsure of.  However, over on the Apple Support Communities, there’s talk from folks who have been scammed into spending $99 on one of these, and a lot of people are looking for ways to remove it.  I have no idea yet if it has been added to malware definitions for anti-virus software like ClamXav or Sophos Anti-Virus for Mac Home Edition.  My gut says probably not yet, since it’s a weekend.  I’m betting we’ll be flooded with news on this on Monday.  For now, beware!


New MacDefender trojan?

Posted on April 30th, 2011 at 9:40 PM EDT

I’m hearing some talk this evening about a new Mac trojan called MacDefender, possibly related to the PC Defender trojan.  From what I hear, it is apparently fake anti-virus software, downloaded to “protect” your computer from malicious web sites that claim to have detected a virus on your machine.  Once installed, it supposedly tries to convince you to buy the program.  What else it might be doing behind the scenes is still unclear, as is how widespread a problem this might become.  As soon as I have more information I will add it to my Mac Virus Guide.

Edit: For more coverage, see subsequent entries in my blog.
