AppleCare rep tells Ed Bott Mac malware reports are up

My dad (brand new, first-time Mac user) ran into this scam. To him, the fake SL Finder "window" in Safari looked perfectly legit. But something just "felt" odd to him so he called me and we screen-shared via iChat, and I instantly knew what was going on. I then walked him through removal of the installation packages (3 of them!) that had been downloaded and we changed Safari's preferences to not auto-open downloaded files.

A scary prospect for someone who just bought their first Mac and is still learning what's what. But it gave us the opportunity to have the "security discussion."

I have been working on computers for a university over 6 years and within the first couple days after hearing about the malware we saw it pop up. Before this I had never seen a mac virus/malware infect a Apple computer.

There are a lot of naive mac users. I have spoken to users with Windows installed with no antivirus software and been told macs don't get viruses so they assume the computer will prevent it.

So this is spreading via social engineering only or also via web browser vulnerability both?

I actually ran into this earlier today for the first time. Before ever having caught wind of this. Screenshot I took. http://db.tt/e5fBN2L

Yes, MacDefender is absolutely real and it is hammering our customers pretty hard. A small number of them have been scammed harder by entering in their credit card numbers - not just installing it.

It's social engineering, but the effect is the same: faith in the Mac platform is shaken.

I had "MacDefender" install instantly when I tried to download a picture for a presentation. It was awful. It literally took over my computer to the point where every 20 seconds I had a new popup in Safari for rather awful web pages that I truly had no desire to see nor have pop-up. It took a significant number of searches on another home computer to find out how to remove it from the computer as every time I tried to drag it to trash, it wouldn't allow me to claiming that it was in use.

A few days ago I navigated to Salon.com using Safari's URL autocomplete feature but after a brief pause was instead redirected to site informing me that my computer was infected via a pop-up dialog box.

I did nothing, instead force-quitting Safari and rebooting.

So far, no sign of infection, though I am still curious about how navigating to Salon.com led me to the malware site.

I actually saw the Mac Defender trojan today. I was searching for vector artwork for a company logo and what looked like a graphics repository site downloaded a zip file with the trojan.

Of course to be infected I would have had to have "open safe files" enabled (which I don't) and I would have had to execute the trojan, and (I expect) enter my admin password. Of course I did neither of those steps.

The site did present graphics that looked a lot like Mac system windows, if Mac system windows contained jpg artifacts.

I could probably find the site again if anyone is interested.

I work as a Mac Tech in a local PC store. I have only seen one Mac Defender attack. The nice thing about the malware is the ease of removal. PC users might start pointing and laughing that macs are now vulnerable, but do not realize that it's only a program that gets installed and removal is as easy as killing the process in activity monitor and dragging the program to the trash and emptying. Then log into the user menu and remove the entry from the run at startup menu. 5 minutes tops.

PC users can have damage done from the fake AV's floating around that can result in a reload if not removed correctly. And that removal can take 3 - 4 different programs and knowledge of the Windows registry. As a Mac user I will gladly take these new attacks over what windows users have to deal with.

Yet another reason why Mac apps will inevitably all migrate to the Mac App Store. It's for the better.