
You call that a virus? How I kicked the Mac Defender's butt in five seconds

Tech journalist gets first Mac virus, experiences euphoric rush upon destroying its scrawny little hide

About six months ago, I bought the MacBook Air, the first Apple computer I've owned since my childhood self played Oregon Trail on the Apple II in my family's house. I was told by some Mac lovers that I'd never need anti-virus software, but I installed the free Sophos software just in case. 

Today, it did come in handy as I got my first Mac virus. In a way, it was exciting. I got some nasty viruses on Windows XP, which required multiple, interminably long anti-virus scans to remove. In one case, I deleted numerous files from the Windows registry, a risky move that worked. In another, my employer's IT folks had to wipe the computer back to its factory settings. (So far, my Windows 7 computer is squeaky clean.) 

Today, I was working on my Mac and navigating to a few of my bookmarked sites, not doing anything too nefarious (wink, wink), when all of a sudden a browser tab in Chrome went haywire. A file called "anti-malware.zip" was downloaded, the browser tab was redirected to an address that displayed a replica of the Mac Finder (it's like Windows Explorer for you non-Mac users), and a popup said "Apple security alert ... To help protect your computer, Apple Web Security have detected Trojans and ready to remove them." This is more commonly known as the Mac Defender virus. 

Here's a screenshot:

This was clearly a virus, even before you get to the broken English. I knew it even before Sophos popped up with a threat detection message, which occurred about 1.6 seconds after my browser was hijacked. Sophos itself was incapable of removing the virus, but directed me to a webpage which stated that as long as I didn't open the download everything should turn out fine. 

So, I went into the Finder, deleted "anti-malware.zip" from the downloads folder, then emptied the trash, closed the browser tab, and that was it. If you actually click on the download, it's a little more complicated: you have to go into your Activity Monitor and Applications list to get rid of it. Complete instructions are provided by the Sourcefire security blog.

I've never seen a virus that was so easy to obliterate. It was so laughable I spent more time capturing a screen shot of my infected browser tab than I did actually getting the virus off my computer.

The question around Mac security is always whether the limited number of viruses is attributable to Apple's paltry market share, or if it really has a better security model than Windows. One clear advantage I see for Apple is the Time Machine, which should make it easy to roll your OS back to a previous state as long as you take regular backups, say once a week or so. I tend to do a Time Machine backup whenever I make major changes to my computer.

Installing antivirus software and making more frequent use of the Time Machine is something I'd recommend to any Mac owner. As ZDNet's Ed Bott notes, "This attack might be crude, but that doesn't mean the next one will be."

UPDATE: Thanks to the readers who pointed out that Mac Defender is a Trojan, not a virus. There are differences (for example, Trojans do not self-replicate), and I should have used the proper terminology.

Follow Jon Brodkin on Twitter
