Is Mac under a virus attack?

May 4, 2011, 2:44 PM UTC

No. But there’s some bad news rising on the Apple malware front

Bogus MAC Defender virus scan. Source: Intego

Let’s see if we can handle this one as a Q&A.

Q: Is there a Mac OS X virus loose on the Internet? Technically, no. As far as I know, no Mac OS X virus has ever been detected in the wild. But there are other kinds of Mac malware out there that you should know about.

Q: Like what? The immediate concern, ironically, is a bogus antivirus program called “MAC Defender” that targets Mac OS X users running Safari.

Q: What does MAC Defender do? According to a memo released Monday by the computer security site Intego: 1) It runs a fake Windows virus scan animation and announces that your computer is infected. 2) It runs a real Mac installation program and asks for your administrator password. 3) Once installed, it makes your computer act like it really is infected, opening offensive websites and generally misbehaving. 4) It offers you 1-year, 2-year or lifetime protection. 5) If you buy the protection, it steals your credit card number.

Q: Is this the start of the long-awaited Macpocalypse? No, but someone has started selling a $1,000 crimekit that could produce a new wave of malware targeting Apple (AAPL) computers.

Q: What’s a malware crimekit? It’s a fill-in-the-blanks program of the kind organized cybercrime gangs have been using for years to generate Microsoft (MSFT) Windows malware. With a do-it-yourself toolkit, a criminal with limited programming skills can infect millions of computers.

Weyland-Yutani BOT crimekit. Source: CSIS

Q: What’s this new Mac crimekit, and what does it do? According to an alert published Monday by the Danish security firm CSIS, it’s a Windows program called “Weyland-Yutani BOT” that supports “Web injects” and “form grabbing” on Firefox for the Mac. (Safari and Chrome reportedly in the works, as well as Linux and iPad versions.) Web injects can put new language into trusted websites and form grabbers can capture passwords and credit numbers entered by unsuspecting users. (Video of the toolkit in action below.)

Q: So are Macs now as dangerous as Windows PCs? Not by a long shot. Last fall, the computer security team at Sophos Labs reported that they were seeing one or two attacks on Macs each week, compared with tens of thousands per day against Windows PCs. Moreover, the two newest Mac malware threats haven’t really begun in earnest. Intego describes MAC Defender as “rare,” and according to CSIS, Weyland-Yutani BOT is still flying under the radar.

Q: Should Mac users install anti-virus software? That’s your (or your IT administrator’s) call. This could change, but I’ve found anti-virus programs for the Mac to be more trouble than they’re worth — witness the havoc a program like MAC Defender can cause.

Q: What else can Mac users do to protect themselves? Don’t download programs unless they come from trusted sources, like an Apple App Store. Unless you have absolute confidence in the site that is asking for it, never give up your computer password, your social security number or your credit card information. And as an extra precaution, uncheck “Open ‘safe’ files after downloading” in Safari Preferences/General.

Below: A YouTube video showing Weyland-Yutani BOT in action.


Also on

[Follow Philip Elmer-DeWitt on Twitter @philiped]