Mac Defender malware now spreading virally via Facebook

Summary: Mac malware has made the leap to Facebook and is now spreading virally, claiming to be a video of IMF boss Dominique Strauss-Kahn.

[UPDATE: Apple issues security update to detect and remove Mac Defender and variants, but still allows users to open known infected files!]

Mac malware has made the leap to Facebook and is now spreading virally, claiming to be a video of IMF boss Dominique Strauss-Kahn.

Security firm Sophos has the details:

The fake anti-virus attack first appears in your timeline as a message apparently posted by one of your friends.

In case you've been out of the loop, the text used refers to the news story of IMF chief Dominique Strauss-Kahn, who is facing charges in New York for allegedly trying to rape a hotel maid.

People who know what they're doing will recognize this for what it is - a sick fakey headline and the promise of a video, used to entice people to click on a link that goes to a site pushing malware, in this case Mac Defender. For good measure, clicking on the link also posts the same message onto the Facebook wall of the person clicking on the link, which helps find the next sucker victim.

Sophos senior technology consultant Graham Cluley calls it 'a genius piece of social engineering.'

Needless to say, if you see this on Facebook, don't click on the link!

Apple has promised a patch for Mac Defender and its variants, but so far this hasn't materialized. [UPDATE: The Apple security update has just materialized.]

Windows users shouldn't get too cocky though, given that the same viral 'video' is being used to spread the Zeus botnet malware to the Microsoft crowd. Linux users don't get to play.

Talkback

57 comments
  • RE: Mac Defender malware now spreading virally via Facebook

    ... The flood gates just opened up.
    The one and only, Cylon Centurion
    • RE: Mac Defender malware now spreading virally via Facebook

      @Cylon Centurion

      Don't say that too loud. The Apple police will be knocking on your door.
      Test Subject
    • RE: Mac Defender malware now spreading virally via Facebook

      @Cylon Centurion

      And there's a lesson here for Linux users too. There is no magic. If Linux grew to near 9%, gained a development environment that didn't suck too much, was used by people who had money or believed in paying for software, then they could play too.

      The same applies to a clay tablet and stick, which has about the same global share ;-)
      tonymcs@...
      • RE: Mac Defender malware now spreading virally via Facebook

        "And there's a lesson here for Linux users too. There is no magic. If Linux grew to near 9%, gained a development environment that didn't suck too much, was used by people who had money or believed in paying for software, then they could play too."

        Garbage. Unlike Apple, Linux gets its software through its distro-supported Package Repository. By default, the executable bit is turned off and you can't just click on wizards in the wild and download things like you do with Windows. If you've ever used it (and I suspect you haven't), you would know this.

        I wouldn't be surprised if Apple extends its App Store the same way a Package Repository does, only unlike Linux, you'll have to pay for many of the apps that are in there.
        ScorpioBlue
  • Message has been deleted.

    bobiroc
    • People have to be really clueless to be harmed from this

      @bobiroc

      First of all, people should all of sudden believe that there is "virus" on Macintosh, even though in whole twenty seven year long history of these computers there was no even single epidemic of a virus (if though laboratory, "proof of concept" examples did exist).

      Second, user has to believe that non-existing, never previously known program "Mac Defender" would all of sudden heal the computer of "virus".

      Third, after agreeing with this trick and **voluntary installing** it and seeing that, despite the promise, the computer is not healed, user has to believe to this program for **second time** that it will actually heal the computer in the end of the day if user will pay for "full" version of this program.

      All in all, user has to be at least *thrice* clueless to actually get harmed. **No comparison to PCs, which really have history of virus epidemics, what makes the social engineering actually working big scale in reality, not only in the media as with this MacDefender thing.**
      DDERSSS
      • Let's count the number of things wrong with the sentence

        @denisrs

        If you want to go back in history to begin counting -- which you obviously do because there aren't any really relevant modern viruses affecting Windows 7 any more -- the *First* PC virus ever written -- Elk Cloner -- was for the Apple.

        But, to be fair, Mac OS X is a fairly immature operating system that only goes as far back as Leopard -- Tiger being on a completely different platform. Even still, Leap-A and a number of other viruses existed on both Leopard and Tiger.

        Given the fact that these computers are sold on the FUD that they are somehow more secure than a modern Windows 7 Operating system and that the Mac OS goes out of its way to manage the user experience, Mac users tend to be naive **there is no comparison**.
        Your Non Advocate
      • RE: Mac Defender malware now spreading virally via Facebook

        @denisrs your denial is entertaining to say the least.
        ItsTheBottomLine
      • RE: People have to be really clueless...

        @denisrs

        Oh I am not denying that but if 25 years working with computers and in IT has taught me anything there are many clueless computer users out there no matter what platform or software or technology they choose to use.

        No one isn't saying that this scam like all the other similar ones are not obvious (especially to those that are computer literate) but it does not change the fact that they are effective. This scam is virtually no different than all the Scareware that gets on Windows computers and yet millions have fallen for those scams too. They all have one goal and that is to trick the user into thinking their computer is compromised and to get them to enter a credit card thinking the fake software will fix it.

        Also as it has been said many times viruses (and I mean actual viruses) and worms are not very effective in modern Windows or fully patched Windows systems either unless for some reason you are using Windows XP Pre SP2 or earlier versions of Windows without a firewall or something insanely stupid. Of course stuff like that happens too as most of the machines I see with an infection are not properly patched. Either that or they were doing something "clueless" to let the infection in. You can bring up the history of Windows viruses all you want but it doesn't change the fact that it is irrelevant today.
        bobiroc
      • RE: Mac Defender malware now spreading virally via Facebook

        @Bobiroc

        Let's keep in mind that XP is still the most popular version of Windows, since Vista sucked so badly. Ummmkay?

        One problem doesn't mean that 'security through obscurity' BS is proven. It's not, and this is still a socially engineered exploit, not the common, garden variety Windows exploit that requires NOTHING of the user whatsoever.

        Windows 7 doesn't change things much, the Windows(?) reputation is still suffering from XP's near total lack of security, just like Mac users are still suffering from bogus FUD, etc.
        comp_indiana
      • RE: Mac Defender malware now spreading virally via Facebook

        @comp_indiana

        You are full of it.

        This idea that XP is the truly representative version of Windows is nonsense. XP is about half of worldwide Windows usage, and only because of all the pirate copies throughout the developing world. It is a distinct minority of Windows in the developed world. Win7 is the fastest selling version of Windows ever and its share is edging ahead of XP in Europe and North America. So which version of Windows is "popular?" I know you love your straw man, but it's time to give it up.

        Your reference to a "common, garden variety Windows exploit" requiring no interaction from the user is completely false in today's environment. Most Windows exploits are socially engineered, just like the Mac exploit.

        If there ever was a system that had its reputation damaged by FUD it was Vista, not OS X. Acknowledging that OS X is as vulnerable to malware as modern versions of Windows is not FUD.
        Lester Young
  • Perspective: Mac v PC viruses

    I once worked for a major antivirus company testing scan products, and we had a secure lab and in it a CD full of every known virus for PC at the time (11 years ago). If memory serves, the expected count for each daily build of the scanner when scanning the disk was about 100,000. There have, of course, been many viruses since.

    This Mac Defender thing is one piece of malware (which a user has to run and provide a password to install).

    We've seen three dozen stories about it on ZDNet. So
    Mac: 1 malware = 36 stories
    PC: x00,000 malware = 4 or 5 stories

    There isn't an epidemic of Mac malware. There's an epidemic of Mac malware scare stories.
    HollywoodDog
    • RE: Mac Defender malware now spreading virally via Facebook

      @HollywoodDog
      Do the checks you get from Steve Jobs make you sleep better at night?
      Droid101
      • RE: Mac Defender malware now spreading virally via Facebook

        @Droid101 LOL - very good.
        ItsTheBottomLine
      • RE: Mac Defender malware now spreading virally via Facebook

        It's Direct Deposit into my account, and wrong Steve. Ballmer instigated because Macs and viri don't get enough newstime and he wants to balance the coverage in order to make MightySoft look better. Face it he has to do something other than lose revenue and market share.
        Jesster
    • RE: Mac Defender malware now spreading virally via Facebook

      @HollywoodDog

      Ok... Once again you are living in the past as viruses and worms are not really a big issue anymore as if they do end up on a computer it is usually because a piece of malware like this has opened the door for them.

      Second of all this is the first piece of Malware for MacOS that anyone has ever seen grow and be spread like this so it comes to a shock to many people. This is the way computers and people are being exploited today.

      Thirdly it is no different than the very many articles and blogs written about Conficker a few years ago when that was made out to be the threat that took down Windows for good and ended up only really affecting about .07% of all the Windows computers in the world. I am sure there were 36 or more stories about Conficker then too and it is still brought up as an example of a major Windows exploit today even though there was a patch for Windows months before it even hit and it only really affected unpatched systems.

      I have had my hands on one Mac with this Malware and have received several emails and messages from teachers I work with and family and friends that use Macs that have had this installed. Thankfully this one is relatively easy to uninstall and remove and as long as they did not cough up any credit card or personal information they should be OK.
      bobiroc
      • Untrue - not living in past

        @bobiroc ... and I'm certainly not of the opinion that malware doesn't matter. I worked in an A/V company for heaven's sake.

        You said: "this is the first piece of Malware for MacOS that anyone has ever seen grow and be spread like this so it comes to a shock to many people"

        Exactly. PC gets malware, it's dog-bites-man. Mac gets malware it's man-bites-dog.

        It's no surprise that the PC centric industry media is going to go on about this. I'm just saying the hype is overblown.

        Don't install software off the internet unless you're totally positive what it is, and if you're not convinced you can avoid this temptation, go get A/V software for the Mac.

        I am running my Macs without it.
        HollywoodDog
      • RE: Mac Defender malware now spreading virally via Facebook

        @HollywoodDog

        "You said: "this is the first piece of Malware for MacOS that anyone has ever seen grow and be spread like this so it comes to a shock to many people"

        Exactly. PC gets malware, it's dog-bites-man. Mac gets malware it's man-bites-dog."

        I think you severely overestimate the MacOS user community. They are people just like Windows users and they will remain their own worst enemies when it comes to stuff like this. This malware is biting and for most it becomes an annoyance but for some it is very effective.

        "Don't install software off the internet unless you're totally positive what it is, and if you're not convinced you can avoid this temptation, go get A/V software for the Mac."

        That is great advice. Now see if people will actually follow it. Current events and recent and distant history has shown that is the one factor that will not change. The operators of the computer will be its downfall no matter how secure you make an OS or piece of software. Malware writers know this and that is why they choose to use this method and other methods that prey on the unsuspecting user like phishing.
        bobiroc
      • Message has been deleted.

        ScorpioBlue
    • RE: Mac Defender malware now spreading virally via Facebook

      @HollywoodDog Did you miss the memo? You don't even need to put in the password anymore.
      Aerowind