
Apple's Very Own 'Patch Tuesday' Deals With MacDefender Scareware

Damon Poeter, Reporter


Apple on Tuesday released a promised security update for Mac OS X 10.6.7, aka Snow Leopard, and Mac OS X Server 10.6.7 that identifies, quarantines and removes a system-crippling class of rogue anti-virus malware commonly known as MacDefender.

MacDefender is a form of Trojan Horse scareware that often infects Apple's Mac computers through poisoned image searches on sites like Google. Once it infects a computer, it takes over the desktop and is difficult to remove as it attaches itself to the launch menu and has no dock icon.

Often simulating a third-party malware attack by flashing pornographic browser images and the like, the scam then prompts users to purchase an expensive anti-virus solution to be rid of the "threat."

Those solutions, recently linked to a dubious Russian payment site by security researcher Brian Krebs, go by such names as MacDefender, MacProtector, and MacSecurity.

Apple's OS X fix, called "Security Update 2011-003," adds a definition for the scareware called "OSX.MacDefender.A" in the operating system's File Quarantine Information malware check. If detected, MacDefender-class scareware is quarantined and removed from the system, with users getting an alert if this happens.

MacDefender started making widespread appearances about a month ago. At the time, security firm Intego identified how the scareware was attacking Apple's Macintosh platform.

"When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a Web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a Web browser is checked ('open safe files' after downloading in Safari, for example), will open," Intego stated.

The MacDefender-class Trojan Horse is similar to rogue anti-virus scareware that has plagued PC users for years.

Apple has in the past trumpeted the Mac's relative lack of malware problems as compared to Microsoft's Windows platform. But growing market share and Apple's increasing notoriety have apparently made OS X a juicy target for such security threats.
