Log In | Become a Member | Contact Us

Leading printing executives into the future

Connect on Twitter | Facebook | LinkedIn

Featured:     Smart Automation Webinar     Printing Forecast 2018     Production Inkjet     Installations and Placements Tracker

Industry Insight

New Mac "Rogueware" Alert

Back in 1998,

By Richard Romano
Published: May 7, 2011

Back in 1998, I was working for Micro Publishing News, and I got a call from one of our printers. (That is, one of our print service providers; our network printers rarely spoke to me. Today, though, I have a “green” printer that, every time I try to print an e-mail, yells at me, “You don’t want to print that! Think of the environment!”)

Anyway, our print service provider said, “One of your Zip disks [remember those?] gave us a virus. We lost a lot of stuff.” We were a 100% Mac office, so I was stunned. A virus? On the Mac? If it had been Victorian England, my monocle would have popped out of my eye and ladies would have fainted. But, yes. A virus. On the Mac. These were the infamous “autostart worms” which—after running out and getting an antivirus program—I discovered had infected most of our computers. Contrary to popular belief, there are actually viruses on the Mac platform (i.e., SevenDust wasn’t just the name of a band), especially today. Back in the 90s, we used to joke that the Mac was such an unpopular platform that the hackers didn’t even bother writing malware for it.

So I was not entirely surprised when the other day a number of friends and colleagues—some of whom were Windows users, so I detected a certain “nyah” factor—forwarded me stories of a new Mac malware alert. It’s not a virus per se, but is rather something called “rogueware.” Says Computerworld:

The program, dubbed MAC Defender, is similar to existing “rogueware,” the term for bogus security software that claims a personal computer is heavily infected with malware. Once installed, such software nags users with pervasive pop-ups and fake alerts until they fork over a fee to purchase the worthless program.

Sounds like Norton Antivirus—oh, but I kid Norton Antivirus... The story goes on:
Th[e] campaign is currently exploiting the hot news topic of Bin Laden's death to get people to click on links that redirect their browsers to the rogueware downloads. The scammers have used “black hat” SEO (search engine optimization) tactics to push links to rogueware higher on Google Images' search results.

But that’s not the only way Mac owners have been duped into installing MAC Defender.

On Saturday—the day before President Obama announced the killing of Bin Laden—messages from infected users began appearing on Apple’s support forums.

“FYI, my daughter said the program started after clicking on a ‘hair style photo,’” added “Mr. Fix It Home Services” on the same support thread. Others reported stumbling upon MAC Defender after searching for images of prom tuxedos or for pictures of a character in the movie “Princess Bride.”

How does the scam work?
unless users have Safari set not to automatically open files after downloading, MAC Defender’s installation screen opens without any user action. That’s been enough to con some into approving the install by typing their administrative password.

The program also relies on an unusual technique to make users pay up.

“Every few minutes, it opens a porn page in the browser,” said James of MAC Defender. “We think they’re doing this because most people will assume that that means they’ve got a virus on their Mac, and they need to get rid of it by paying for the program.”

MAC Defender demands $60–$80, depending on whether users select a one-year, two-year or lifetime “license.”


Mac users running Safari can prevent MAC Defender from automatically opening after it downloads by unchecking the box marked “Open ‘safe’ files after downloading” at the bottom of the General tab in the browser’s Preferences screen.

So let’s be careful out there!

Please offer your feedback to Richard. He can be reached at richard@whattheythink.com.



By J Long on May 07, 2011

How do I get rid of Mac Defender, that fake virus protector? The red shield is on my top task bar near the time machine back up icon.


By Martin Bailey on May 09, 2011

You should have tried running a PostScript output bureau (remember those?) back around 1990. Virtually every Mac disk we received had a virus on it; doxens of different types. There were viruses on Macs before there were viruses on Windows ... and then, for some reason, they all just went away.


By Dr Joe Webb on May 12, 2011

This kind of software is also called "ransomware", and it is on the PC as well. The longer it sits on the computer and the longer you don't buy, the more gruesome the things that appear on your screen. On the PC, I eventually killed it with a combination of the free software Spybot and my virus software. I did eventually find one of its offending files and delete it. It was very difficult. Took the better part of a day to do it, and I finally solved it just before I was about to do a total re-install of the system.


By Noel Ward on May 12, 2011

There is another one going under the name of Mac Protector that does the same thing. Instructions for deleting it are available on Mac-Forums.com.


By Matt Beals on May 16, 2011

Back in the 80's and 90's, and even into the early part of the 2000's, we were constantly having to scan incoming discs for viruses. There were a lot of viruses for the Mac back then. But any Mac users who scoff at the idea of virus protection are fools. There are a few viruses now but that doesn't mean that there will not be more. Especially as the idea of "ransomeware" becomes much more profitable for cyber criminals.


By Bob on May 22, 2011

Show me ONE single SYMPTOM from a "virus" or "malware" on OSX *WITHOUT* the user running an installer, and inputting their admin password. You won't be able to find any. Their hasn't been a single SYMPTOM from any of these "threats" EVER on OSX. Anyone can install a program to f**k up their computer - duh! I can also willingly shoot myself in the foot! Should I walk around with bullet proof shoes to prevent myself from shooting myself in the foot? I know, I know ... I'm getting really philosophical here. But isn't philosophy what this issue is really about? People *think* their are threats to Macs, however the only threats have been things that would be considered a comical self inflicting wound. Again, show me ONE symptom that has appeared on OSX without the user going through a full blown installer.

What did the MacDefender program even do to the OS? NOTHING! OOOHHHH NOOO it put a startup item in my startup items list!!!! OMG!?!!?! Ok lemme start this serious virus removal by removing the startup item! OK done...that was friggin hard!!!

If I really gave a rats behind about some self inflicted wound that I did to myself such as MacDefender, all I would have to do is boot off my Leopard disk and run an "Archive and install" which would leave my user folder and applications intact while completely rebuilding the OS. All better, and without any noticeable change! Too bad rebuilding your computer on Windows isn't as easy as that! Poor Windows users =[ . So let it be known that even in the case of the laughable "Macapolipse", all the Mac users will need to do is boot off the OSX Boot DVD and run an "Archive and install". Sounds scary!

Their aren't any current threats to OSX other then the user's stupidity. I don't like to resort to insults, but when people act like these lame-duck attacks are anything Mac users should be worried about - it's insulting to the truth. As I said before, when ONE person can show ONE symptom from an attack without running an installer and entering your admin password - then I'll give two s**ts about what these ignorant fear mongering n00bs say about Macs.


By Ira on May 25, 2011

Anyone who has any computer whether it be, Mac, Windows, Linux, whatever should protect against viruses, even if your system is not susceptible to the virus you should be obligated to take care of it, or you risk passing it on to someone who is susceptible. I run mostly Linux nowadays, but I scan everything I download and send out for known viruses on all platforms, you're welcome.


Post a Comment

To post a comment Log In or Become a Member, doing so is simple and free


Become a Member

Join the thousands of printing executives who are already part of the WhatTheyThink Community.

Copyright © 2018 WhatTheyThink. All Rights Reserved