Everyone has heard that computers running Mac OS X don’t have the same problems with viruses that plague many Microsoft Windows machines.  Mac OS X itself is designed with technologies and layers of built-in security that provide protection against most malicious software (malware) and security threats right out of the box.

Even with all of its built-in protections, however, there are still a few kinds of security threats that Mac users need to be aware of and guard against!  The recent appearance of a clever fake security program specifically aimed at Mac users makes this a great time to review potential threats.

“MacDefender” (or “Mac Security”, or “MacProtector” …)

The most specific, critical and time-sensitive warning that we can give you at this point is not to install a software package called MacDefender. MacDefender is a very polished Trojan Horse or Rogueware (we’ll go over what that means later in this post) that is apparently being delivered primarily through fake Google image search results at the moment.  There are many detailed reports of what it does and how it works and I’ll link to some of those at the bottom of this post.

The short version is that you’re browsing the Internet and you end up on a site that starts warning you that your Mac has viruses.  If you click anywhere on the page your Mac downloads and tries to automatically install a software program named BestMacAntivirus2011.mpkg.zip.  It will require your password to install – if you don’t give it your password it can’t do anything.  Don’t give it your password.  Close the web page, even if it warns you that you won’t be protected from viruses.

At this point, Safari is automatically blocking most known sources of MacDefender with a warning about malware.

Update:  the “MacDefender” package has been updated and may have different names including, but not limited to, “Mac Security” and “MacProtector”.  They all work the same way.
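
As an added example (not part of the original post and not an Apple or vendor tool), here is a quick name-based sweep for the installer and application names mentioned above.  The directories to scan and the spelling without a space ("MacSecurity") are assumptions; because the package keeps being renamed, an empty result does not prove a Mac is clean, and a hit only means the item deserves a closer look.

```sh
#!/bin/sh
# Added example: look for files or app bundles whose names match the
# MacDefender family named in this post. Matching is by name only and
# case-insensitive, so treat every hit as something to inspect, not a verdict.

# Print each matching path found in the given directories (two levels deep).
# Directories that do not exist are skipped silently.
scan_for_macdefender() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 2 \( \
            -iname 'BestMacAntivirus2011*' -o \
            -iname 'MacDefender*' -o \
            -iname 'Mac Security*' -o \
            -iname 'MacSecurity*' -o \
            -iname 'MacProtector*' \
        \) -print 2>/dev/null
    done
}

# Number of matching paths, for use in scripts or a help-desk checklist.
count_hits() {
    scan_for_macdefender "$@" | wc -l | tr -d ' '
}

# Typical use (directory choice is an assumption):
#   scan_for_macdefender "$HOME/Downloads" /Applications "$HOME/Applications"
```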

Social Engineering

MacDefender fits in the broad category of security threats that use Social Engineering.  Social Engineering, from a technology perspective, is the act of manipulating people into providing confidential information or into performing actions that allow a program access to privileged information or resources.  Basically, it’s today’s version of a “con” or “confidence game.”

In any type of Social Engineering trick, the goal is to get you to think that the request for information, or the action you have been directed to take, is legitimate.  These tricks focus not on technical vulnerabilities in your computer or your software but, ironically, on your very fear of theft, viruses and intrusion.  Coupled with the average user’s lack of in-depth knowledge of technology, it’s not surprising that some of these tricks are quite successful at getting at our information.

The best way to thwart social engineering tricks is to be aware of them.

Phishing

Phishing is the official name for all of those emails that you get that are trying to get information about your bank accounts, usernames, passwords, credit cards, etc.  Sometimes they’re easy to spot – full of bad grammar and misspellings or promises of large sums of money.  Recently we’ve seen much more sophisticated versions, however, that try hard to look like legitimate email from your bank, PayPal, eBay, etc.  Phishing emails are pretty easy to avoid, however.  If you get an email that looks like it’s from your bank, don’t click any links in the email.  Instead, go to your web browser and access your bank’s site as you normally would – by using one of your bookmarks or by typing in the URL manually.  If there’s something you need to do they’ll let you know once you log in there.

Trojan Horse

A trojan horse is malware that masquerades as real software.  The name is derived from that of the original Trojan Horse and the intent is the same – to trick you into ushering it through your walls by pretending to be something positive.

An example of a true Mac trojan horse was the “AS.MW2004.Trojan” discovered in 2004.  This was a VERY small program available on peer-to-peer file sharing networks that tried to pass itself off as a free installer for a pirated version of Microsoft Office 2004 for Mac OS X.  If you downloaded, installed and ran the trojan it would attempt to delete all of your documents.

Preventing a trojan horse from getting into your Mac is not too challenging.  Only get your software from legitimate sources and be especially wary of software you didn’t intentionally download.

Rogueware and Scareware

Rogueware like MacDefender is rogue security software.  It is typically classified as a particular type of trojan horse that masquerades as software to protect or clean your computer.  This type of software is also often referred to as scareware as it tries very hard to scare you into installing it by telling you that your computer is already infected with other kinds of malware.  If you ever have any doubts about installing a piece of software, ask an expert!

Resources

Here are some descriptions of how the MacDefender rogueware works.

TidBITS Safe Computing: Beware Fake MACDefender Antivirus Software

New ‘MACDefender’ Malware Threat for Mac OS X – Mac Rumors

Update:  Intego has posted a nice video showing the curious exactly how the MacDefender rogueware looks to the end-user.  See it at:

Update: Apple has published a KnowledgeBase article on MacDefender and how to remove it.  A MacOS Update is due soon with built-in protection.

If you think you have been compromised with it, be sure to let a Mac consultant know!  It’s very easy to remove, but if you give it your credit card number you’ll need to do some extra work to protect your finances.

Have you encountered any Macintosh Malware?  Do you use any Mac security software?  Let us know in the comments!


Kicking Apple Mail Up a Notch

by Boyd on August 18, 2010

Apple’s built-in Mail client is great for most users “as is”, but some small business operators may want additional functionality and features.  Staying organized, managing your email and Getting Things Done can all be more efficient by adding features through Mail’s plugin architecture.  Here are a few of our favorite tools:

MsgFiler

This is a small, popular plugin that offers pretty much everyone a quick boost to workflow efficiency.  It only does one thing — with a single keystroke you can bring up a window to quickly file messages into any one of your mail folders.  Believe it or not, this is a huge timesaver compared to drag and drop, especially when you’re working on a laptop and have that trackpad to contend with instead of a mouse.

Unlike Mail’s built-in smart mailboxes functionality, which allows you to view your email based on certain criteria, MsgFiler lets you file any selected messages quickly and easily.  The plugin is shareware — your $8 purchase price removes the initial alert when using the application.

Mail Act-On

Mail allows you to define rules that are applied when a message is received.  Mail Act-On takes email management a step further — by allowing you to define keystroke combinations that will perform any action you’ve defined on a particular message.  Do you regularly forward messages to an assistant or colleague?  Move messages to an application such as OmniFocus?  Post them on a company website?  Log them into a trouble ticket system?  With Mail Act-On you can automate any of these actions (and any others you can dream up) with a single keystroke.  This is great for GTD and “Inbox Zero” adherents who maintain ACTION and ARCHIVE folders and invariably assign emails to one or the other as they read them.  It’s easy to set up without getting a programmer involved, and the developer offers lots of great tutorials.  Mail Act-On is free for 30 days and then $24.95 to register.

MailTags

If you’ve ever appreciated the ability of Outlook or Entourage to associate messages with projects, add comments and other tags to email messages, you’ll love the MailTags plugin.  Offered by the same developer as Mail Act-On, this plugin easily and efficiently allows you to tag messages with projects, comments, etc., and to find your added metadata with Spotlight.  You can add reminders, contexts (great for GTD) and due dates, then create smart mailboxes for any of the tags you’ve created.  MailTags will also automatically apply tags from earlier messages when you get new emails in the same thread.  It integrates with EagleFiler, OmniFocus and DevonThink so that when you move a message into one of those applications the tags remain in place.  MailTags is free for 30 days and then $29.95 to register.

Bonus Tip

Speaking of email productivity, we wanted to offer one other tip that’s saved us hours.  Do you ever deal with clients or vendors whose mail servers keep packaging their messages to you as winmail.dat files?  Invariably the solution offered by the client is for you to work with their IT department to get the problem fixed — typically a real time suck.  A simple solution?  TNEF’s Enough, a little utility that easily decodes these attachments.  Simply save the winmail.dat file to your Desktop, launch TNEF’s Enough and open the winmail.dat file from the utility’s File menu.  Ta da!  You get a readable attachment and don’t have to waste your time pestering your client.  TNEF’s Enough is freeware.

More Plugins and Resources

Hawk Wings is a great place to find plugins, tips and other helpful add-ons for Apple Mail.  All of the plugins we’ve discussed in this post are listed on this site, as well as many others, all with a nice description of what they do.

Have you found other tools that increase your productivity with Apple Mail?  Let us know in the comments!


Easy Calendar Sharing for Small Businesses

August 10, 2010

While the use of shared calendars can be a huge benefit to the workflow of small businesses, many options aren’t [...]


Welcome to the new CallSTAT.com!

February 6, 2010

We are very proud to launch the new STAT website!  While we’re thrilled to have an updated look and feel [...]
