By Jeffrey Van Camp
In the next few days, Apple plans to release a patch to its Mac OS X to kill the "Mac Defender" virus that has been tricking Apple users into giving away their credit card information. News of the patch comes from Apple's Support site, which now has an entire page dedicated to the malware, which has been spreading across the Mac world.
"In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants," says Apple. " The update will also help protect users by providing an explicit warning if they download this malware."
However, for those with more immediate problems, Apple has provided a guide to avoid installing the malicious software, which also goes by the names MacSecurity and MacProtecter, and how to remove it if you've already made a huge mistake and installed it. If you haven't yet installed Mac Defender, Apple recommends Force Quitting your browser before it installs or aborting the installation and dragging the installer out of your downloads folder and into the Trash. If you've already installed it, follow the steps on the site, which we've also included below.
The Mac Defender virus attacks users if they click on an infected link on the Web, usually in a search engine like Google. Many of the infected websites have been positioned using search engine optimization (SEO), so they appear high in results. Once infected, a window pops up telling a user that the computer is infected with a virus. The real virus is, of course, Mac Defender, which masquerades as an antivirus problem that will supposedly delete the virus for a fee of somewhere between $59.95 and $79.95. The virus also hijacks your browser and displays pornography.
Oddly, the Mac Defender scanning window resembles a Windows XP application, but this doesn't seem to have stopped Mac users from being tricked, likely because they are not used to such attacks. ZDNet estimates that as many as 125,000 users have been infected. Until now, Apple computers have not been attacked by a virus at this scale. Most users do not have antivirus programs installed, nor do most Apple experts recommend malware programs. This tricky kind of attack is fairly routine in the Windows world.
If you've been infected by Mac Defender or know more about it, please comment below.
Steps to remove Mac Defender
- Move or close the Scan Window
- Go to the Utilities folder in the Applications folder and launch Activity Monitor
- Choose All Processes from the pop up menu in the upper right corner of the window
- Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
- Click the Quit Process button in the upper left corner of the window and select Quit
- Quit Activity Monitor application
- Open the Applications folder
- Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
- Drag to Trash, and empty Trash
Malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below.
- Open System Preferences, select Accounts, then Login Items
- Select the name of the app you removed in the steps above ex. MacDefender, MacSecurity, MacProtector
- Click the minus button