What would Jason do?

You ask Mac questions. Jason answers…

DNSChanger Malware: An Oldie, but a Goodie!

On July 9th, the Internet will cease to exist for some users. It is the end of Facebook updates, junk email and banner ads. Wait, this sounds like a good thing!

Kidding aside, I am talking about a piece of malware called DNSChanger that came out in 2007. It affected Windows users at first, and then it was so popular (in the making tons of money for criminals category) that the criminals decided to release it for Macs. So, in 2008, Mac users would get links to enticing videos of questionable content. If you couldn’t rein in your curiosity, you would follow the links and install software “required” to view the videos. After that, your Domain Name Server (DNS) settings would be changed by the malware so that legitimate searches and websites would be redirected to malicious websites that would try to infect your computer further and generate ad revenue for the criminals.

Before I go any further, I wanted to give you a very brief explanation of DNS. DNS stands for domain name server. The Internet uses a protocol called TCP/IP to route traffic and exchange data. This protocol identifies computers with numbers rather than names. Basically, an address is four numbers separated by dots, like 216.92.236.13. DNS will translate the more friendly macorama.com to that number. Without DNS, we would have to memorize a bunch of numbers rather than words. Now I could go into more details like IPv4, IPv6, private and public networks, et cetera. Instead, here is a website that tells you all about it.

Now that you know what Domain Name Servers are, you can see what a piece of malware that changes your DNS settings can do. If it points your Mac at servers that criminals control, they control whatever comes up when you do a Google search or enter a web address in your browser.

There is good news. In late 2011, the FBI disrupted this fraud ring. They seized the servers that were acting as malicious DNS, and the FBI actually set them up to act as legitimate servers. Here is an article about the takedown. So, back to my hilarious opening sentence. On July 9, 2012, the FBI will shut down these servers that were set up for people infected with DNSChanger. If you are infected and have not removed the malware, your Internet will stop working. You can easily remove it by downloading a free piece of software written by SecureMac.com to address DNSChanger. Download it here.

If you want to see if you are infected, go here.
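The same idea as the check site above, done locally: this is an added example, not code from the original post or from SecureMac, that reads the resolvers macOS has configured for a network service (using the real `networksetup -getdnsservers` command) and flags any address that is neither on your own LAN nor one you chose yourself. The trusted ranges, the `Wi-Fi` service name and the sample addresses are assumptions to edit for your own setup.

```python
import ipaddress
import shutil
import subprocess

# Resolvers you expect to see: your home router (RFC 1918 private space) and
# any public resolver you configured on purpose. Assumed defaults; edit them.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
TRUSTED_RESOLVERS = set()  # e.g. {"8.8.8.8"} if you picked Google DNS yourself


def parse_networksetup_output(text):
    """Turn the output of `networksetup -getdnsservers <service>` into a list
    of resolver addresses. macOS prints one address per line, or the sentence
    "There aren't any DNS Servers set on <service>." when the resolvers come
    from DHCP rather than a manual setting (nothing to audit in that case)."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("There aren't any DNS Servers"):
            continue
        try:
            servers.append(ipaddress.ip_address(line))
        except ValueError:
            continue  # ignore anything that is not an address
    return servers


def audit_resolvers(servers):
    """Return {resolver: verdict}: 'trusted' for an address you set yourself or
    one on your own LAN, 'unexpected' otherwise. A public resolver you never
    configured is what a DNS-changing infection looks like from the victim's
    side, so it deserves a closer look before July 9."""
    verdicts = {}
    for ip in servers:
        on_lan = any(ip in net for net in TRUSTED_NETWORKS)
        verdicts[str(ip)] = "trusted" if on_lan or str(ip) in TRUSTED_RESOLVERS else "unexpected"
    return verdicts


def audit_live_service(service="Wi-Fi"):
    """Run the audit against the live macOS setting; returns None elsewhere."""
    if shutil.which("networksetup") is None:
        return None
    out = subprocess.run(["networksetup", "-getdnsservers", service],
                         capture_output=True, text=True, check=False).stdout
    return audit_resolvers(parse_networksetup_output(out))


if __name__ == "__main__":
    # Constructed sample: a home router plus a resolver the user never set up.
    sample = "192.168.1.1\n203.0.113.7\n"
    for ip, verdict in audit_resolvers(parse_networksetup_output(sample)).items():
        print(ip, verdict)
```

On a Mac, run it as `python3 dnscheck.py` after replacing the sample with `audit_live_service()`; an "unexpected" verdict means the resolver is worth checking against what your ISP or router should be handing out.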

- Jason

posted by alicia@macorama in Care and Maintenance, Malware

Malware on the Mac, Part Two.

Hi Mac Users!

This weekend, I was doing a Google image search looking for butterfly icons (don’t ask). I found an image I liked on Google image search and clicked on it. With just this one simple click, I was able to experience how this new Mac malware tried to infect my computer. I documented it just for you, my loyal readers.

Here is my initial Google image search for “Butterfly”. I found the icon I wanted and clicked on it.

Google’s image search results for “Butterfly”

It took a few moments, but instead of getting my image, this screen came up. It looks like a Finder window (sort of), but it is actually a web page.

Wow, my Mac has a lot of viruses!

I also noticed that a file called “anti-malware.zip” downloaded to my Downloads folders without any action from me besides clicking on that butterfly icon. After the “virus scan” on my Mac, the web page looked like this.

Looks legitimate?

Notice how the web page is designed to look like a Finder window, complete with the sidebar. Clicking anywhere on this web page downloaded the “anti-malware.zip” file. After I was done playing with this page by clicking around it, I had downloaded the zip file ten times.

So, pretty interesting, huh? In Safari, I don’t have it opening “Safe” files after download, so the infected web page just kept downloading the “anti-malware.zip” file whenever I visited this web page. That is all I needed to do to keep me safe. I went ahead and clicked on the file and instead of MACDefender, the software it wanted to install was “Mac Protector”. I found another piece of malware!

Even though I happened across this trickery, I just deleted the malware and moved on. Here is the thinking that stopped this malware in its tracks.

  1. Turn off “Open safe files after downloading”. You can do this by going to your Safari preferences and unchecking that box in the General preferences. After you turn it off, items you download from the Internet will go into your “Downloads” folder (or whatever folder you told Safari to download files to) and you will have to manually double-click on them to open them. Firefox users are always asked what to do when a file is going to be downloaded from a web page.
  2. Don’t trust the Internet! It doesn’t matter what you do, the Internet is not safe and it is not private. As soon as the web page started “scanning” my computer, I knew it was a hoax. First off, it was a web page and it started accessing my computer without any warning. A legitimate website would at least ask my permission.
  3. Be mindful of what you are downloading and what is being installed on your Mac. The Mac will not just install software without you initiating it or confirming it. If I had Safari set to open safe files, the malware “Mac Protector” would have tried to install. I would have been presented with the first step and just quit the installation.

Hopefully, these screenshots and my words will increase your knowledge and help you recognize these kinds of threats. We may be seeing more.

- Jason

posted by jason@macorama in About, Care and Maintenance, Internet

Malware on my Mac? Noooooo!

Hi Mac Users,

Looking at my news sites today, I came across the Mac community all abuzz about a piece of malware that can infect your Mac. I thought I would share some links with you to keep you informed.

Security Bulletin from Intego

TUAW (The Unofficial Apple Weblog)

Remember, this malware is more like social engineering: it tricks you into installing the software and tries to get you to buy a bogus program. It is not exploiting a security hole in the Mac OS. This happens to Windows users all the time! Fortunately, it is much easier to remove, and the TUAW article shows you how to protect yourself.

Enjoy your day!

- Jason

posted by jason@macorama in Care and Maintenance

Are Macs really immune from icky bugs?

Question from Lars: I have been told Mac computers are not susceptible to viruses, trojan horses, worms, etc. because of the open Unix platform. But what is the truth? How do I protect my Mac from key loggers and the like?

Jason answers: Macs ARE susceptible to viruses and malware; there just aren’t as many threats to the Mac platform when compared to Windows. Actually, threats to the Windows OS dwarf any other operating system. There have been tens of thousands of viruses, malware, trojans, and adware programs targeted at Windows users and a couple of hundred towards Mac users.

You also mentioned keyloggers. Leaving your Mac unattended can be just as dangerous as malware, especially if you don’t have a password to protect your account. Someone can install software that collects your keystrokes or reports other activities to another location. You can protect yourself by setting a strong password for your account and requiring the password when you boot up your Mac and when you wake it from sleep or the screensaver.

To protect yourself from Mac malware, you can get software that blocks these threats. Here is a short list of Mac security products and resources. There is quite a bit of information at each link’s destination on threats to the Mac. I hope I don’t generate too much paranoia.

Products

Intego Security Products

ESET NOD32 Antivirus for Mac (in beta)

iAntivirus

Norton Macintosh Security Products

MacScan AntiSpyware

Information and Resources

Mac Virus Blogsite

Intego Security Blog

iAntivirus Threat List

Jason

posted by jason@macorama in Care and Maintenance