MacRapture, MacDefender, AppleUncare

I know you’ve all dying to hear my thoughts on the MacDefender (aka a few other things) fake AV, and possibly wondering why Mac Virus hasn’t commented on that or anything else recently.

Well, I’ve been travelling: Infosec UK, a connectionless week in Devon, Prague for the AMTSO and CARO workshops, and finally a few days in Krems for the EICAR conference. So while I’ve maintained some presence in the blogosphere, I’ve focused on the blogs that are considered part of the services I provide to the AV industry, of which this isn’t one.

And Old Mac was last heard of travelling in the South Seas, so he’s probably already on his way to a celestial street party, if he hasn’t been swallowed by an earthquake in Tonga.

However, I have given one or two journalists the benefit of my prejudices: 

• Tom Brewster for IT Pro at  http://www.itpro.co.uk/633637/mac-defender-threat-is-no-surprise
• Dan Raywood for SC Magazine at http://www.scmagazineuk.com/increase-in-macdefender-rogue-anti-virus-downloads-causes-apple-to-offer-no-support-or-assistance-in-removal-or-diagnosis-of-malware/article/203283/.

And, of course, I’ve been tracking articles relating to the issue. In no particular order:

1. A quality blog, as ever, from Chet Wisniewski, with links to other Sophos blogs on the topic: http://nakedsecurity.sophos.com/2011/05/02/mac-users-hit-with-fake-av-when-using-google-image-search/. Or you could simply do an archive search on http://nakedsecurity.sophos.com/?s=mac+fake, for example.
2. Allegedly, an internal Apple document instructing Applecare operatives to stay hands-off: http://i.zdnet.com/blogs/apple-macdefender-investigation-may-16-2011.png?tag=mantle_skin;content. Also, http://www.zdnet.com/blog/bott/crying-wolf-apple-support-forums-confirm-malware-explosion/3351?pg=1
3. Summary by The H: http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-Update-1246693.html
4. Uninstall Guides from bleepingcomputer.com for MacProtector (http://www.bleepingcomputer.com/virus-removal/remove-mac-protector) and MacDefender (http://www.bleepingcomputer.com/virus-removal/remove-mac-defender)
5. John Gruber lists a whole load of commentary suggesting a possible tipping point, but dismisses it as crying Wolf: http://daringfireball.net/2011/05/wolf. Also cites http://arstechnica.com/apple/news/2011/05/malware-on-the-mac.ars/ et al by way of an alternative view from Apple support.
6. Contrary opinion from Adrian Kingsley-Hughes http://www.zdnet.com/blog/hardware/modern-mac-owners-need-to-ignore-the-dinosaurs-and-get-protection/12857 and Ed Bott http://www.zdnet.com/blog/bott/an-applecare-support-rep-talks-mac-malware-is-getting-worse/3342
7. Sound commentary, as ever, from Intego on this and other Mac malware at http://blog.intego.com/, but this item strikes me as being particularly constructive: http://blog.intego.com/2011/05/13/mac-security-tip-when-you-should-enter-your-password-in-mac-os-x/

Plus a few items not necessarily related, but interesting anyway:

• http://security.thejoshmeister.com/2011/05/apples-mac-app-store-puts-users-at-risk.html; http://nakedsecurity.sophos.com/2011/05/18/mac-app-store-security-risks/  
•  https://www.eff.org/deeplinks/2011/05/apple-should-stand-up 
• http://www.digitaltrends.com/computing/apple-causes-religious-reaction-in-brains-of-fans-say-neuroscientists/ 

I’m saying nothing about that last one. For now…

David Harley CITP FBCS CISSP
Small Blue-Green World