Beware MAC Defender: OSX malware disguised as anti-virus software


A new piece of malware is spreading, notable because it targets computers running Mac OS X, rather than Windows. Reports of the trojan "MAC Defender" (aka Mac Protector, aka Mac Security) first surfaced on May 2, but the malware has since morphed and proliferated.

The basics: it spreads as search engine optimization (SEO) poisoning, using popular search terms for prominent search engine results.

More: PC World, MacWorld, Ars Technica, Fortune, and a full description updated today at

And if you are a Mac user, now is as good a time as any to consider installing *actual* anti-virus and malware scan apps. Intego's VirusBarrier, Sophos and MacScan are several with free demo versions.

Apparently, "osama bin laden" is one of the popular search terms used to deploy. I just encountered a MAC Defender come-on page in Safari after clicking on a poisoned link via Twitter, hence the inspiration for this blog post. Pretty sure one of the remnant ads on served it. The serving IP is below, load it at your own risk, I paste it for informational purposes only.