Mac Defender
Mac Defender is a rogue security application that will target victims using Macintosh Safari OS X. It usually spreads through SEO poisoning that will redirect search page to unwanted and malicious web sites. Also known as the MacDefender virus, this fake AV will show up on top of the lists of any given results when searching the web. Clicking on the links will bring up a new browser window that contains a fake virus detection. When executed, a malicious JavaScript code will automatically download an installer for Mac Defender.
It may get automatically installed if the “Open safe files after downloading” is enabled in Safari. Since Mac was designed to require user password before any program will get installed, a consent is required before Mac Defender can be loaded on to the computer. With its ability to deceive computer users by its presentable graphical user interface, some may think of it as a legitimate application.
If installed on the computer, Mac Defender virus will occasionally display fake alerts and informs users of virus detection. Worst, this malicious application can open a browser window that contains explicit images. In the end, it will force users to obtain the licensed version by redirecting Internet browser to an insecure payment processing website and asked for credit card account. Having the licensed version will not remove any threats on the system. Victims will just pay for an ineffective program that was designed only to scam users and steal money from their credit card accounts.
Screen Shot Image:
Alias: MacDefender
Damage Level: Medium
Systems Affected: Mac OS X
Mac Defender Removal Procedure:
1. On Mac system, go to Utilities Folder and open the Terminal application.
2. On the Terminal window type the following command and press Return key
ps -ax | grep -i MacDefender
3. Take note on the first digits listed, this is the process ID associated to MacDefender virus.
4. On the Terminal again, type the following command and press Return key. “XXXX” are the first digits noted above.
kill XXXX
5. Drag the MacDefender program (typically installed inside the Applications folder) to the Trash.
6. Empty the Trash.
7. Go to Login Items and remove MacDefender program in the OS X System Preferences.
Technical Details and Additional Information:
Malicious Files Added by Mac Defender:
/Application/MacDefender.app/
/Application/MacDefender.app/Contents
/Application/MacDefender.app/Contents/Info.plist
/Application/MacDefender.app/Contents/MacOS
/Application/MacDefender.app/Contents/MacOS/MacDefender
/Application/MacDefender.app/Contents/PkgInfo
/Application/MacDefender.app/Contents/Resources
/Application/MacDefender.app/Contents/Resources/About-Back.png
/Application/MacDefender.app/Contents/Resources/AboutD.nib
/Application/MacDefender.app/Contents/Resources/AboutMBMI.png
/Application/MacDefender.app/Contents/Resources/affid.txt
/Application/MacDefender.app/Contents/Resources/CC-Back.png
/Application/MacDefender.app/Contents/Resources/CC-BigOptions.png
/Application/MacDefender.app/Contents/Resources/CC-BigOptionsHover.png
/Application/MacDefender.app/Contents/Resources/CC-BigOptionsPressed.png
/Application/MacDefender.app/Contents/Resources/CC-BigScan.png
/Application/MacDefender.app/Contents/Resources/CC-BigScanHover.png
/Application/MacDefender.app/Contents/Resources/CC-BigScanPressed.png
/Application/MacDefender.app/Contents/Resources/CC-BigSysInfo.png
/Application/MacDefender.app/Contents/Resources/CC-BigSysInfoHover.png
/Application/MacDefender.app/Contents/Resources/CC-BigSysInfoPressed.png
/Application/MacDefender.app/Contents/Resources/CC-CleanupBtn.png
/Application/MacDefender.app/Contents/Resources/CC-CleanupHoverBtn.png
/Application/MacDefender.app/Contents/Resources/CC-CleanupPressedBtn.png
/Application/MacDefender.app/Contents/Resources/CC-Exclam.png
/Application/MacDefender.app/Contents/Resources/CC-MoreBtn.png
/Application/MacDefender.app/Contents/Resources/CC-MoreHoverBtn.png
/Application/MacDefender.app/Contents/Resources/CC-MorePressedBtn.png
/Application/MacDefender.app/Contents/Resources/CC-Ok.png
/Application/MacDefender.app/Contents/Resources/CC-Question.png
/Application/MacDefender.app/Contents/Resources/CC-Register.png
/Application/MacDefender.app/Contents/Resources/CC-RegisterHover.png
/Application/MacDefender.app/Contents/Resources/CC-RegisterPressed.png
/Application/MacDefender.app/Contents/Resources/CC-Scan.png
/Application/MacDefender.app/Contents/Resources/CC-ScanHover.png
/Application/MacDefender.app/Contents/Resources/CC-ScanPressed.png
/Application/MacDefender.app/Contents/Resources/CC-StartScan2Btn.png
/Application/MacDefender.app/Contents/Resources/CC-StartScan2HoverBtn.png
/Application/MacDefender.app/Contents/Resources/CC-StartScan2PressedBtn.png
/Application/MacDefender.app/Contents/Resources/CC-Update.png
/Application/MacDefender.app/Contents/Resources/CC-UpdateHover.png
/Application/MacDefender.app/Contents/Resources/CC-UpdatePressed.png
/Application/MacDefender.app/Contents/Resources/Cleanedup.mp3
/Application/MacDefender.app/Contents/Resources/ClearMBMI.png
/Application/MacDefender.app/Contents/Resources/ControlCenterD.nib
/Application/MacDefender.app/Contents/Resources/ControlCenterMBMI.png
/Application/MacDefender.app/Contents/Resources/Curing_1.png
/Application/MacDefender.app/Contents/Resources/Curing_2.png
/Application/MacDefender.app/Contents/Resources/Curing_3.png
/Application/MacDefender.app/Contents/Resources/Curing_4.png
/Application/MacDefender.app/Contents/Resources/Curing_5.png
/Application/MacDefender.app/Contents/Resources/Curing_6.png
/Application/MacDefender.app/Contents/Resources/Curing_7.png
/Application/MacDefender.app/Contents/Resources/Curing_8.png
/Application/MacDefender.app/Contents/Resources/dribblebeep.wav
/Application/MacDefender.app/Contents/Resources/editclear.png
/Application/MacDefender.app/Contents/Resources/English.lproj
/Application/MacDefender.app/Contents/Resources/English.lproj/InfoPlist.strings
/Application/MacDefender.app/Contents/Resources/English.lproj/Localizable.strings
/Application/MacDefender.app/Contents/Resources/English.lproj/MainMenu.nib
/Application/MacDefender.app/Contents/Resources/FilenamePlace.png
/Application/MacDefender.app/Contents/Resources/Fonts
/Application/MacDefender.app/Contents/Resources/Fonts/MyriadPro-It.otf
/Application/MacDefender.app/Contents/Resources/Fonts/MyriadPro-Regular.otf
/Application/MacDefender.app/Contents/Resources/Fonts/MyriadPro-Semibold.otf
/Application/MacDefender.app/Contents/Resources/Fonts/MyriadPro-SemiboldIt.otf
/Application/MacDefender.app/Contents/Resources/icon.icns
/Application/MacDefender.app/Contents/Resources/MB-Infected.png
/Application/MacDefender.app/Contents/Resources/MB-OK.png
/Application/MacDefender.app/Contents/Resources/MB-Unknown.png
/Application/MacDefender.app/Contents/Resources/NotificationPWnd.nib
/Application/MacDefender.app/Contents/Resources/NS-BigBack.png
/Application/MacDefender.app/Contents/Resources/NS-BigBackNoBorder.png
/Application/MacDefender.app/Contents/Resources/NS-BlueExclamPict.png
/Application/MacDefender.app/Contents/Resources/NS-CleanupButton.png
/Application/MacDefender.app/Contents/Resources/NS-CloseBtn.png
/Application/MacDefender.app/Contents/Resources/NS-CloseBtnPressed.png
/Application/MacDefender.app/Contents/Resources/NS-RedExclamPict.png
/Application/MacDefender.app/Contents/Resources/NS-RegisterButton.png
/Application/MacDefender.app/Contents/Resources/NS-ResumeScan.png
/Application/MacDefender.app/Contents/Resources/NS-ScanFinished.png
/Application/MacDefender.app/Contents/Resources/NS-ScanPause.png
/Application/MacDefender.app/Contents/Resources/NS-ScanStop.png
/Application/MacDefender.app/Contents/Resources/NS-SmallBack.png
/Application/MacDefender.app/Contents/Resources/NS-SmallBackNoBorder.png
/Application/MacDefender.app/Contents/Resources/NS-StartScan.png
/Application/MacDefender.app/Contents/Resources/NS-VirusFound.png
/Application/MacDefender.app/Contents/Resources/NS-YellowExclamPict.png
/Application/MacDefender.app/Contents/Resources/Options-Back.png
/Application/MacDefender.app/Contents/Resources/OptionsD.nib
/Application/MacDefender.app/Contents/Resources/OptionsMBMI.png
/Application/MacDefender.app/Contents/Resources/orchestral_ta_da_stinger_01.mp3
/Application/MacDefender.app/Contents/Resources/PauseScanMBMI.png
/Application/MacDefender.app/Contents/Resources/Register-Back.png
/Application/MacDefender.app/Contents/Resources/Register-BuyBtn.png
/Application/MacDefender.app/Contents/Resources/Register-BuyHoverBtn.png
/Application/MacDefender.app/Contents/Resources/Register-BuyPressedBtn.png
/Application/MacDefender.app/Contents/Resources/Register-OkBtn.png
/Application/MacDefender.app/Contents/Resources/Register-OkHoverBtn.png
/Application/MacDefender.app/Contents/Resources/Register-OkPressedBtn.png
/Application/MacDefender.app/Contents/Resources/Register-Pict.png
/Application/MacDefender.app/Contents/Resources/RegisterMBMI.png
/Application/MacDefender.app/Contents/Resources/RegWinD.nib
/Application/MacDefender.app/Contents/Resources/ResumScanMBMI.png
/Application/MacDefender.app/Contents/Resources/Scan-Back.png
/Application/MacDefender.app/Contents/Resources/Scan-PauseScanBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-PauseScanHoverBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-ResumeScanBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-ResumeScanHoverBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-ResumeScanPressedBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-StartScanBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-StartScanHoverBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-StartScanPressedBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-StopScanBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-StopScanHoverBtn.png
/Application/MacDefender.app/Contents/Resources/Scan-StopScanPressed.png
/Application/MacDefender.app/Contents/Resources/ScanD.nib
/Application/MacDefender.app/Contents/Resources/ScanI_1.png
/Application/MacDefender.app/Contents/Resources/ScanI_2.png
/Application/MacDefender.app/Contents/Resources/ScanI_3.png
/Application/MacDefender.app/Contents/Resources/ScanI_4.png
/Application/MacDefender.app/Contents/Resources/ScanMBMI.png
/Application/MacDefender.app/Contents/Resources/ScanNowMBMI.png
/Application/MacDefender.app/Contents/Resources/ScanOk_1.png
/Application/MacDefender.app/Contents/Resources/ScanOk_2.png
/Application/MacDefender.app/Contents/Resources/ScanOk_3.png
/Application/MacDefender.app/Contents/Resources/ScanOk_4.png
/Application/MacDefender.app/Contents/Resources/ScanU_1.png
/Application/MacDefender.app/Contents/Resources/ScanU_2.png
/Application/MacDefender.app/Contents/Resources/ScanU_3.png
/Application/MacDefender.app/Contents/Resources/ScanU_4.png
/Application/MacDefender.app/Contents/Resources/Splash.nib
/Application/MacDefender.app/Contents/Resources/Splash.png
/Application/MacDefender.app/Contents/Resources/StopScanMBMI.png
/Application/MacDefender.app/Contents/Resources/SY-KillBtn.png
/Application/MacDefender.app/Contents/Resources/SY-KillHoverBtn.png
/Application/MacDefender.app/Contents/Resources/SY-RefreshBtn.png
/Application/MacDefender.app/Contents/Resources/SY-RefreshHoverBtn.png
/Application/MacDefender.app/Contents/Resources/SysInfo-Back2.png
/Application/MacDefender.app/Contents/Resources/SysInfoD.nib
/Application/MacDefender.app/Contents/Resources/SysInfoMBMI.png
/Application/MacDefender.app/Contents/Resources/TB-About.png
/Application/MacDefender.app/Contents/Resources/TB-ControlCenter.png
/Application/MacDefender.app/Contents/Resources/TB-Options.png
/Application/MacDefender.app/Contents/Resources/TB-Scan.png
/Application/MacDefender.app/Contents/Resources/TB-Sysinfo.png
/Application/MacDefender.app/Contents/Resources/threat.wav
/Application/MacDefender.app/Contents/Resources/Wallet.png
gary
May 08, 2011 @ 15:23:21
I never asked for your program, now I can’t get it off my machine. You have some nerve running a business like this. You have become my virus. Now I have to go to the apple store pay money to get ride of your stuff. Thanks for the problem. I’m going to alert everyone on facebook and also email the news stations about this scam.
Avid PC User
May 28, 2011 @ 20:25:24
This is what all of you Mac people get for assuming that your MAC was immune to viruses.
I really blame the marketing campaign (with Justin Long and that nerdy PC guy with glasses) that stated “you don’t have to worry about viruses.”
As MAC users increase, MAC malware will go with them. Supply and demand. As with any computer – always be safe, turn your security settings up, and be wary of EVERYTHING you get online.
Signed,
-IT Professional and PC User