Although malware on Mac OS X is nowhere near as common as it is on Windows, Trojan horses—programs that purport to do something useful and instead do something nasty—aren’t exactly unknown. Some appear in the form of “free” installers for commercial applications distributed via file sharing networks, while others have been mostly proofs-of-concept that never made it out into the wild. However, a new-ish trojan dubbed “Mac Defender,” “Mac Protector,” or “Mac Security” seems to be garnering some victims, perhaps by tapping into Mac users’ unease that their operating system doesn’t have any explicit security software built in. To Windows users, Mac Defender’s tactics are all too familiar: the program pretends to scan your system for trouble, find all sorts of truly nasty things, then offers to fix them all—for a fee.
In a blog post, ZDNet’s Ed Bott details trawling through Apple discussion forums looking for posts from people impacted by the trojan, and claims to have located hundreds of instances of Mac users being scared or outright duped by the software. He also details a conversation with an Apple support representative who confirmed the problem has been escalating since Mac Defender first appeared earlier this month.
Mac Defender’s success seems built on two factors. First, it looks (somewhat) like a Macintosh application: where few Mac users will be fooled by “scareware” that reports problems like “Virus found in C:\WINDOWS\system32\” or a similar location that makes no sense on the Mac, Mac Defender is tailored to Mac OS X and, to a non-technical user at least, looks legitimate. Second, the creators and/or distributors of Mac Defenders exercised some “Google fu” to put their malware in front of as many users as possible, creating bogus Web pages that gamed search engine rankings so the malware would sometimes be served up in response to everyday queries like “Mother’s Day.”
Although it’s been many (many) years since serious malware circulated for the Macintosh, there’s nothing about Mac OS X that makes it fundamentally more secure than other operating systems. Malware writers just don’t seem to bother targeting it, given the far greater number of Windows-based PCs on the planet. (Arguably, current versions of Mac OS X are less secure than current versions of Windows; Apple is expected to improve under-the-hood security technology more in the forthcoming Mac OS X 10.7 “Lion.”) However, if a program can trick users into giving your credit card information—or entering an administrator’s name and password—no operating system architecture in the world can save them.
