Friday, May 20, 2011

Ric Romero Reports: Macs not unhackable!

For those who have followed my Apple-centric ramblings over the years, I've never out and out said that you can't infect a Mac with malware. What I do say is this:

- Macs are generally more difficult for malware authors to target
- The consequences of an attack are typically smaller when one does happen
- It's easier to target the much larger Windows market
- In keeping with rule #1 above, the "drive-by download" really isn't a viable Mac attack strategy

Because of this, while the Internet is filled with Windows botnets, Mac attacks are few and far between. But lately there's been a variation on the "Antivirus 2010" attack that is targeting Macs and has had some success - even a couple of my clients have been hit by it.

The attack works like this: legitimate web pages are compromised (via PHP or other server-side exploits) to serve a redirect when a visitor arrives from a search engine referral. The redirect lands the user on a page that automatically downloads a "MAC Defender" (or similarly named) fake antivirus package. Because Safari's "Open 'safe' files after downloading" preference is on by default, the download opens itself and launches the Installer. You still have to click through the Installer dialog, give your password, and click Install. It can't install itself the way the Windows versions do (those commonly arrive through PDF reader exploits on Windows).

In other words, it's malware like on Windows, but it only gets loaded via social engineering, not via a machine exploit. That's an important distinction: nothing runs until an administrator types a password for it.

It's also really easy to clear: kill the process in Activity Monitor, delete the application, and remove it from your Login Items. Dead. While you're at it, uncheck Safari's "Open 'safe' files after downloading" preference so the next download doesn't launch itself. That's unlike Antivirus 2010 and its cousins, which you have to clean out with removal software (I like Malwarebytes), and you may still need repairs afterwards.
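For the command-line inclined, here is the same cleanup as a shell script. This is an added example, not something from the original post or from Apple: it kills any matching process, deletes matching .app bundles, removes the Login Item, and turns off Safari's auto-open preference (the `com.apple.Safari AutoOpenSafeDownloads` key). The name patterns in `PATTERNS` and the Login Item name "MAC Defender" are assumptions; the real malware shipped under several names, so extend the list to match what you find.

```shell
#!/bin/sh
# Added example (not from the original post): one-shot cleanup of a fake AV
# app such as "MAC Defender" on Mac OS X, following the steps in the text:
# kill the process, delete the application, remove the Login Item.
# It also turns off Safari's "Open 'safe' files after downloading", the
# preference that let the downloaded installer open on its own.
# PATTERNS is an assumed list of names (extended regex); extend as needed.

PATTERNS="${PATTERNS:-MAC Defender|MacDefender}"

# find_fakeav DIR... : print matching .app bundles in DIR(s); return 0 if any found
find_fakeav() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for app in "$dir"/*.app; do
            [ -e "$app" ] || continue
            name=$(basename "$app" .app)
            if printf '%s' "$name" | grep -Eqi "$PATTERNS"; then
                printf '%s\n' "$app"
                found=0
            fi
        done
    done
    return $found
}

# kill_fakeav : terminate any running process whose command line matches PATTERNS
kill_fakeav() {
    command -v pkill >/dev/null 2>&1 || return 0
    pkill -f "$PATTERNS" 2>/dev/null   # exit 1 just means nothing was running
    return 0
}

# remove_fakeav DIR... : delete matching bundles; succeed only if none are left
remove_fakeav() {
    find_fakeav "$@" | while IFS= read -r app; do
        rm -rf "$app" && printf 'removed %s\n' "$app"
    done
    if find_fakeav "$@" >/dev/null; then return 1; else return 0; fi
}

# remove_login_item NAME : drop the Login Item the installer added (macOS only)
remove_login_item() {
    command -v osascript >/dev/null 2>&1 || { echo "osascript not found; skipping" >&2; return 0; }
    osascript -e "tell application \"System Events\" to delete login item \"$1\"" >/dev/null 2>&1
    return 0
}

# harden_safari : stop Safari from auto-opening downloaded archives and disk images
harden_safari() {
    command -v defaults >/dev/null 2>&1 || { echo "defaults not found; skipping" >&2; return 0; }
    defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
}

# Run the whole sequence only when asked explicitly: sh cleanup.sh --run
if [ "${1:-}" = "--run" ]; then
    kill_fakeav
    remove_fakeav /Applications "$HOME/Applications"
    remove_login_item "MAC Defender"
    harden_safari
fi
```

Run it as `sh cleanup.sh --run` from an admin account. The functions that need macOS tools (`osascript`, `defaults`) skip themselves elsewhere, so the find/remove half can be exercised on any Unix.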

We Mac people can take this as a warning, though. As time goes by, Macs will be targeted more and more often - and Apple needs to be proactive about security. They do a decent job right now but will need to stay on top of it. Are we at the day when Macs need antivirus software? Nope. But that day is a little closer right now than it has been for quite a while.