Apple Security Update 2011-003 and the Mac Defender Malware

There’s this bad thing called Mac Defender. It comes from bad guys (Russians, just like in the movies). Then there’s this good thing called Apple Security Update 2011-003. It comes from good guys (Apple, Inc.). You want the Security Update 2011-003 because you DON’T want Mac Defender. So, Step One: go to your Apple menu, choose “Software Update…”, and install Apple Security Update 2011-003. You can read about it by clicking here but this is a case where you can take my word for it. Get the update and read about it later if you want. For Mac OS X 10.6.7 only. Sorry, Mom.

Mac Defender has gotten a lot of press. It’s a scam, pure and simple: a fake anti-virus program that does nothing other than put your credit card info into the wrong hands. It works like this: you’re reading a web page when all of a sudden a message appears telling you that your computer is infected with viruses and other malware, and that you need to take care of this problem right away, and Mac Defender offers to do it for you, for a fee. In fact, the warning message is faked; the Mac Defender virus warning is canned, and when “they” say they can clean up the problem they mean that if you give them your credit card info they’ll quit with the phony “you’re infected!” messages. Pretty easy money– but that’s not the end of it, because now they have your credit card info and you can bet they’ll use it.

You know better than to give your credit card info to some total stranger, even if they have a trustworthy-sounding name like Mac Defender. Right? Right. And you know the internet is not locked down nice and tight– websites are hacked all the time, so malicious code can be put onto a site that you thought you could trust. (It’s happened even to Google, believe it or not.) So, it’s not going to work to say “Well I never go to those bad websites, I only use Google and PBS.org and ChristianBoyce.com”– the bad guys can stick their nasty code into any site if they try hard enough. Passwords are learned, weaknesses are exploited. Bad things happen. Just don’t let them happen to you.

If you get a message on your Mac (or your iPhone, or your iPad) and it says “pay me, quick” it’s probably a scam. Take a picture of the screen (Command-Shift-3) and email it to me and I’ll help you figure out what’s going on.

The really good news here is that Apple has figured out how to stop scams like this in their tracks. Get the Security Update 2011-003 and you’re all set. If you are on Mac OS X 10.5, you’re somewhat on your own, but just keep being smart and somewhat suspicious and you’ll be fine. And of course send me those screenshots (Command-Shift-3).

Here’s a nice write-up about the Mac Defender phony anti-virus thing, though it’s a little out of date now that Apple’s come up with the Security Update. Good reading anyway. Thanks to PCWorld.com for this.


by


Leave a Reply

Your email address will not be published.